rmaucher commented on PR #687: URL: https://github.com/apache/tomcat/pull/687#issuecomment-1932491567
URL processing and mapping has to follow a lot of rules from specifications to avoid inconsistencies which would be security issues. So this is one of them. Indeed creative encoding can cause path traversals on the backends. To be honest, a good security practice is to not use user input as paths in your app, rather use some other kind of mapping. So no traversal then.
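The mapping approach recommended in the comment above, as an added Java example (not part of the comment and not Tomcat code). The class name, base directory and catalogue entries are assumptions, and the sample request values are constructed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Map;
import java.util.Optional;

public class DocumentResolver {
    // Hypothetical base directory and catalogue, constructed for this example.
    private static final Path BASE = Paths.get("/srv/app/docs").normalize();
    private static final Map<String, String> CATALOGUE = Map.of(
            "manual", "manual.pdf",
            "terms", "legal/terms.pdf");

    // Pattern to avoid: the request value becomes part of the file system path,
    // so an encoded "../" decides which file is opened.
    static Path resolveFromInput(String requestValue) {
        String decoded = URLDecoder.decode(requestValue, StandardCharsets.UTF_8);
        return BASE.resolve(decoded).normalize();
    }

    // Mapping pattern: the request value is only a lookup key. The path comes
    // from server-side data, so no encoding of the input can reach the file system.
    static Optional<Path> resolveFromKey(String requestValue) {
        if (requestValue == null) {
            return Optional.empty(); // Map.of(...) maps reject null keys
        }
        String relative = CATALOGUE.get(requestValue);
        if (relative == null) {
            return Optional.empty(); // unknown key: nothing to open
        }
        Path resolved = BASE.resolve(relative).normalize();
        // Defence in depth in case a catalogue entry is ever misconfigured.
        return resolved.startsWith(BASE) ? Optional.of(resolved) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed request values: one valid key, two encoded traversal attempts.
        String[] samples = {"manual", "%2e%2e%2f%2e%2e%2fconf%2fapp.properties", "..%2fterms"};
        for (String sample : samples) {
            Path direct = resolveFromInput(sample);
            System.out.printf("input=%s%n  direct=%s insideBase=%b%n  mapped=%s%n",
                    sample, direct, direct.startsWith(BASE),
                    resolveFromKey(sample).map(Path::toString).orElse("rejected"));
        }
    }
}
```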