This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new ab1d128d21 Add log warning for additional suspicious appBase values
ab1d128d21 is described below
commit ab1d128d21fe2ebaea5f702f192962aebeedbde6
Author: remm <[email protected]>
AuthorDate: Thu Nov 20 09:37:05 2025 +0100
Add log warning for additional suspicious appBase values
---
java/org/apache/catalina/core/LocalStrings.properties | 2 ++
java/org/apache/catalina/core/StandardHost.java | 13 +++++++++++++
webapps/docs/changelog.xml | 4 ++++
3 files changed, 19 insertions(+)
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index 9d4000266a..0d67ce4cf2 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -269,7 +269,9 @@ standardHost.noContext=No Context configured to process
this request
standardHost.notContext=Child of a Host must be a Context
standardHost.nullName=Host name is required
standardHost.problematicAppBase=Using an empty string for appBase on host
[{0}] will set it to CATALINA_BASE, which is a bad idea
+standardHost.problematicAppBaseParent=appBase on host [{0}] is a parent folder
of CATALINA_BASE, which is a bad idea
standardHost.problematicLegacyAppBase=Using an empty string for legacyAppBase
on host [{0}] will set it to CATALINA_BASE, which is a bad idea
+standardHost.problematicLegacyAppBaseParent=legacyAppBase on host [{0}] is a
parent folder of CATALINA_BASE, which is a bad idea
standardHostValve.customStatusFailed=Custom error page [{0}] could not be
dispatched correctly
standardHostValve.exception=Exception Processing [{0}]
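Review bot: The two new messages, `standardHost.problematicAppBaseParent` and `standardHost.problematicLegacyAppBaseParent`, end in "which is a bad idea" without telling the operator what the risk is or what to change. Directories under appBase can be deployed as web applications, so an appBase above CATALINA_BASE may make Tomcat's own directories (configuration, logs) reachable as web content. Wording along the lines of `appBase on host [{0}] is CATALINA_BASE or one of its parent folders, so Tomcat's own files may be deployed as a web application; use a dedicated directory` would make the warning actionable. It would also stay accurate when the two paths are equal, which the check in StandardHost.java matches as well.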
diff --git a/java/org/apache/catalina/core/StandardHost.java
b/java/org/apache/catalina/core/StandardHost.java
index 8ac855c6e3..ddb16abec1 100644
--- a/java/org/apache/catalina/core/StandardHost.java
+++ b/java/org/apache/catalina/core/StandardHost.java
@@ -18,6 +18,7 @@ package org.apache.catalina.core;
import java.io.File;
import java.io.IOException;
+import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -228,6 +229,12 @@ public class StandardHost extends ContainerBase implements
Host {
// Ignore
}
+ Path appBasePath = file.toPath();
+ Path basePath = getCatalinaBase().toPath();
+ if (basePath.startsWith(appBasePath)) {
+ log.warn(sm.getString("standardHost.problematicAppBaseParent",
getName()));
+ }
+
this.appBaseFile = file;
return file;
}
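Review bot: `basePath.startsWith(appBasePath)` is a purely lexical, element-by-element comparison, so the warning only fires when both paths are already in canonical form, and the `// Ignore` catch just above the added lines suggests `file` can stay un-canonicalised when that step fails. An appBase that still contains `..` or a relative segment would then not be flagged; normalising both sides first, e.g. `Path appBasePath = file.toPath().toAbsolutePath().normalize();` and `Path basePath = getCatalinaBase().toPath().toAbsolutePath().normalize();`, removes that dependency. `startsWith` is also true when the two paths are equal, so an appBase that resolves to CATALINA_BASE itself is reported as a "parent folder", and an empty appBase may be warned about twice if the existing `standardHost.problematicAppBase` warning is logged elsewhere (not visible here). The same points apply to the identical block in the legacyAppBase hunk that follows; both method bodies start outside their hunks.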
@@ -271,6 +278,12 @@ public class StandardHost extends ContainerBase implements
Host {
// Ignore
}
+ Path appBasePath = file.toPath();
+ Path basePath = getCatalinaBase().toPath();
+ if (basePath.startsWith(appBasePath)) {
+
log.warn(sm.getString("standardHost.problematicLegacyAppBaseParent",
getName()));
+ }
+
this.legacyAppBaseFile = file;
return file;
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 975e28f890..f19040c63b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -111,6 +111,10 @@
<bug>69871</bug>: Increase log level to INFO for missing configuration
for the rewrite valve. (remm)
</fix>
+ <fix>
+ Add log warnings for additional Host <code>appBase</code> suspicious
+ values. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">