This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 37cf27549b Expand protection for apps using SSI
37cf27549b is described below
commit 37cf27549be4b46dd9940f6ace3f1820b49e642d
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jun 15 13:16:37 2026 +0100
Expand protection for apps using SSI
---
java/org/apache/catalina/ssi/SSIServletExternalResolver.java | 3 ++-
webapps/docs/changelog.xml | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
index 161ea8981a..5812ad09b7 100644
--- a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
+++ b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
@@ -182,7 +182,8 @@ public class SSIServletExternalResolver implements
SSIExternalResolver {
*/
protected boolean isNameReserved(String name) {
return name.startsWith("java.") || name.startsWith("javax.") ||
name.startsWith("sun.") ||
- name.startsWith("jakarta.");
+ name.startsWith("jakarta.") ||
name.startsWith("org.apache.catalina.") ||
+ name.startsWith("org.apache.tomcat.");
}
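Review bot: The reserved-prefix check in isNameReserved() is now six chained, case-sensitive startsWith() calls, and the diffstat shows no test accompanying the change (only this file and changelog.xml are touched). Consider holding the prefixes in a private static final String[] and looping over it, so the next addition is a one-line change. A unit test should assert that names beginning with org.apache.catalina. and org.apache.tomcat. are reported as reserved while an ordinary application name is not. The Javadoc that closes just above the method is not visible in this hunk; if it lists the reserved prefixes, it needs the two new ones as well.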
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f9abdb9b63..fb8a726aea 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -268,7 +268,8 @@
Fix a potential deadlock when copying resources using WebDAV. (markt)
</fix>
<fix>
- Add <code>jakarta.</code> to the list of reserved prefixes for SSI
+ Add <code>jakarta.</code>, <code>org.apache.catalina.</code> and
+ <code>org.apache.tomcat.</code>to the list of reserved prefixes for SSI
variables and request attributes. (markt)
</fix>
<fix>
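Review bot: The added line `<code>org.apache.tomcat.</code>to the list of reserved prefixes for SSI` is missing a space after the closing </code> tag, so the rendered changelog will read "org.apache.tomcat.to the list". Insert a space before "to".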