Comment 28 for bug 1659124
Revision history for this message
|
|
#28 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Hi
We don't see anyway out when millions of terminals are not working and that tomcat restricted '"' from being a part of request URL.
Terminals will not comply overnight but are starting to comply slowly. Therefore we need to allow '"' under some transitional period before totally disallow the '"' char in a request URL.
Staying on tomcat version 8.0.36 still risky because CVE-2016-6816 can be triggered.
BR
Lulseged Zerfu