This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 7e8d823544 Add log warning for additional suspicious appBase values
7e8d823544 is described below
commit 7e8d8235442cbcfa1805cf9f85ab43de0cec7650
Author: remm <[email protected]>
AuthorDate: Thu Nov 20 09:37:05 2025 +0100
Add log warning for additional suspicious appBase values
---
java/org/apache/catalina/core/LocalStrings.properties | 2 ++
java/org/apache/catalina/core/StandardHost.java | 13 +++++++++++++
webapps/docs/changelog.xml | 4 ++++
3 files changed, 19 insertions(+)
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index 78800f1595..7258f44a23 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -276,7 +276,9 @@ standardHost.noContext=No Context configured to process
this request
standardHost.notContext=Child of a Host must be a Context
standardHost.nullName=Host name is required
standardHost.problematicAppBase=Using an empty string for appBase on host
[{0}] will set it to CATALINA_BASE, which is a bad idea
+standardHost.problematicAppBaseParent=appBase on host [{0}] is a parent folder
of CATALINA_BASE, which is a bad idea
standardHost.problematicLegacyAppBase=Using an empty string for legacyAppBase
on host [{0}] will set it to CATALINA_BASE, which is a bad idea
+standardHost.problematicLegacyAppBaseParent=legacyAppBase on host [{0}] is a
parent folder of CATALINA_BASE, which is a bad idea
standardHostValve.customStatusFailed=Custom error page [{0}] could not be
dispatched correctly
standardHostValve.exception=Exception Processing [{0}]
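Review bot: The two new messages, `standardHost.problematicAppBaseParent` and `standardHost.problematicLegacyAppBaseParent`, end in "which is a bad idea" without telling the operator what is at risk or what to change. Presumably the concern is that everything under CATALINA_BASE then sits inside the host's deployment directory; that should be confirmed before it is put into the wording. A message that names an action is easier to triage in logs, for example `standardHost.problematicAppBaseParent=appBase on host [{0}] is a parent folder of CATALINA_BASE; use a dedicated directory that does not contain CATALINA_BASE`.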
diff --git a/java/org/apache/catalina/core/StandardHost.java
b/java/org/apache/catalina/core/StandardHost.java
index b755a96654..89987e02fa 100644
--- a/java/org/apache/catalina/core/StandardHost.java
+++ b/java/org/apache/catalina/core/StandardHost.java
@@ -18,6 +18,7 @@ package org.apache.catalina.core;
import java.io.File;
import java.io.IOException;
+import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -229,6 +230,12 @@ public class StandardHost extends ContainerBase implements
Host {
// Ignore
}
+ Path appBasePath = file.toPath();
+ Path basePath = getCatalinaBase().toPath();
+ if (basePath.startsWith(appBasePath)) {
+ log.warn(sm.getString("standardHost.problematicAppBaseParent",
getName()));
+ }
+
this.appBaseFile = file;
return file;
}
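Review bot: `basePath.startsWith(appBasePath)` compares name elements literally, so the check added here can miss a parent relationship when either path still carries `.` or `..` segments. The `// Ignore` just above suggests a canonicalisation attempt whose failure is swallowed (the try body and the start of the method are outside the hunk), in which case `file` reaches the comparison unresolved; normalising both sides with `Path appBasePath = file.toPath().normalize();` and `Path basePath = getCatalinaBase().toPath().normalize();` would make the result independent of that. `startsWith` is also true when the two paths are equal, so the "parent folder" message will be logged for an appBase that resolves to CATALINA_BASE itself. The same lines are repeated in the legacyAppBase hunk that follows, and a small private helper taking the message key would keep the two checks from drifting apart.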
@@ -272,6 +279,12 @@ public class StandardHost extends ContainerBase implements
Host {
// Ignore
}
+ Path appBasePath = file.toPath();
+ Path basePath = getCatalinaBase().toPath();
+ if (basePath.startsWith(appBasePath)) {
+
log.warn(sm.getString("standardHost.problematicLegacyAppBaseParent",
getName()));
+ }
+
this.legacyAppBaseFile = file;
return file;
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 326d458a02..44e17e261e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -111,6 +111,10 @@
<bug>69871</bug>: Increase log level to INFO for missing configuration
for the rewrite valve. (remm)
</fix>
+ <fix>
+ Add log warnings for additional Host <code>appBase</code> suspicious
+ values. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">