-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matthias,
On 3/9/20 09:43, Matthias Fechner wrote: > Am 04.03.2020 um 09:17 schrieb Martin Grigorov: >> Please read this discussion: >> https://lists.apache.org/thread.html/r9f3a2ea48f2e76f7c092ea2dc4caec7 d15c86f7773281ef6c8cdb817%40%3Cusers.tomcat.apache.org%3E >> >> <https://markmail.org/message/kmx6krqtduqma7jj> >> The problem and a workaround are explained here: >> https://lists.apache.org/thread.html/r3720861ca584c0b6794cb8bfffafa18 fa67b514f3df47ce7ea5329ef%40%3Cusers.tomcat.apache.org%3E > >> > thanks, adding this fixed it: > > allowedRequestAttributesPattern=".*" That's not a super-secure solution. You really should specify a correct whitelist pattern instead of "accept all". - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5muhAACgkQHPApP6U8 pFiQjw//Sqv17ybqBJGsZaMynXAA/fFAfPyf+PknN6p+h+LMc8grPiSxM2Dpc6Tq ISTYPT+4Pg2GDNBw3kkCTB2+7Z1t4hoetliprnDNJgtdR6WqhgcGhLv57RN+E18Z fBN9S3gQMCGBwznSMqXnXtXMBJn/ayUIdjJDhwFC/BY++OcObh9UmNM8fkCRDwfy 7OcrP33oqY0Okhl+lYceb5700Yd6kTAbNP657UPjYXrQmbODIIbGmPlcmtOEU0T+ Re7UFpyYZBvBPqNc2DFI94A2EEn1Q/EhWCZvM2bOWdOyxCi0dZ4CVkQdH9VvNiUZ X3hH4kCAK4NSa7N9Wfci/WOiiYDCHrkOPLyv38ZlsUA0HE2DHmr4c/bgvYLSGNB1 jZha5MuGlp7e80Xrj+ywR8TM+n8XkjX1t2phpVI3V9Lgcw+xa76DySCcIwHy3PZ3 eV1WEX7fAAhVJA4rp+WK1WuBoJ3wmio4wAKZ++5SbWhh8CR0dPXxSrDb2hextIKl Ey+zz2mjNYIuz/DkaWbsTLzkL5DOfdWbjnOvKLLkZ/GoHsY9MDCpyKkCg/Pz1oky jgEBX/s5hmqgBwF7TIbg3rEV2LLaR0A9XnUIau7UlCxgRSXYagWsKLy9NWZt1PkR 2sb37n/1z4MK9v2NUh6bM2N9/pOkRJQv9jEMvV47iAOJMnBMeEs= =27B7 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org