mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-15 01:07:30 +08:00
Upgrade to Undertow 2.3.4.Final
Closes gh-34304
This commit is contained in:
parent
6e2be8b284
commit
c40e9f437f
@ -1534,10 +1534,19 @@ public class ServerProperties {
|
||||
* Whether the server should decode percent encoded slash characters. Enabling
|
||||
* encoded slashes can have security implications due to different servers
|
||||
* interpreting the slash differently. Only enable this if you have a legacy
|
||||
* application that requires it.
|
||||
* application that requires it. Has no effect when server.undertow.decode-slash
|
||||
* is set.
|
||||
*/
|
||||
private boolean allowEncodedSlash = false;
|
||||
|
||||
/**
|
||||
* Whether encoded slash characters (%2F) should be decoded. Decoding can cause
|
||||
* security problems if a front-end proxy does not perform the same decoding. Only
|
||||
* enable this if you have a legacy application that requires it. When set,
|
||||
* server.undertow.allow-encoded-slash has no effect.
|
||||
*/
|
||||
private Boolean decodeSlash;
|
||||
|
||||
/**
|
||||
* Whether the URL should be decoded. When disabled, percent-encoded characters in
|
||||
* the URL will be left as-is.
|
||||
@ -1631,14 +1640,25 @@ public class ServerProperties {
|
||||
this.maxCookies = maxCookies;
|
||||
}
|
||||
|
||||
@DeprecatedConfigurationProperty(replacement = "server.undertow.decode-slash")
|
||||
@Deprecated(forRemoval = true, since = "3.0.3")
|
||||
public boolean isAllowEncodedSlash() {
|
||||
return this.allowEncodedSlash;
|
||||
}
|
||||
|
||||
@Deprecated(forRemoval = true, since = "3.0.3")
|
||||
public void setAllowEncodedSlash(boolean allowEncodedSlash) {
|
||||
this.allowEncodedSlash = allowEncodedSlash;
|
||||
}
|
||||
|
||||
public Boolean getDecodeSlash() {
|
||||
return this.decodeSlash;
|
||||
}
|
||||
|
||||
public void setDecodeSlash(Boolean decodeSlash) {
|
||||
this.decodeSlash = decodeSlash;
|
||||
}
|
||||
|
||||
public boolean isDecodeUrl() {
|
||||
return this.decodeUrl;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -98,7 +98,7 @@ public class UndertowWebServerFactoryCustomizer
|
||||
map.from(properties::getMaxParameters).to(serverOptions.option(UndertowOptions.MAX_PARAMETERS));
|
||||
map.from(properties::getMaxHeaders).to(serverOptions.option(UndertowOptions.MAX_HEADERS));
|
||||
map.from(properties::getMaxCookies).to(serverOptions.option(UndertowOptions.MAX_COOKIES));
|
||||
map.from(properties::isAllowEncodedSlash).to(serverOptions.option(UndertowOptions.ALLOW_ENCODED_SLASH));
|
||||
mapSlashProperties(properties, serverOptions);
|
||||
map.from(properties::isDecodeUrl).to(serverOptions.option(UndertowOptions.DECODE_URL));
|
||||
map.from(properties::getUrlCharset).as(Charset::name).to(serverOptions.option(UndertowOptions.URL_CHARSET));
|
||||
map.from(properties::isAlwaysSetKeepAlive).to(serverOptions.option(UndertowOptions.ALWAYS_SET_KEEP_ALIVE));
|
||||
@ -109,6 +109,14 @@ public class UndertowWebServerFactoryCustomizer
|
||||
map.from(properties.getOptions()::getSocket).to(socketOptions.forEach(socketOptions::option));
|
||||
}
|
||||
|
||||
@SuppressWarnings({ "deprecation", "removal" })
|
||||
private void mapSlashProperties(Undertow properties, ServerOptions serverOptions) {
|
||||
PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
|
||||
map.from(properties::isAllowEncodedSlash).to(serverOptions.option(UndertowOptions.ALLOW_ENCODED_SLASH));
|
||||
map.from(properties::getDecodeSlash).to(serverOptions.option(UndertowOptions.DECODE_SLASH));
|
||||
|
||||
}
|
||||
|
||||
private boolean isPositive(Number value) {
|
||||
return value.longValue() > 0;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -150,11 +150,18 @@ class UndertowWebServerFactoryCustomizerTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated(forRemoval = true, since = "3.0.3")
|
||||
void allowEncodedSlashes() {
|
||||
bind("server.undertow.allow-encoded-slash=true");
|
||||
assertThat(boundServerOption(UndertowOptions.ALLOW_ENCODED_SLASH)).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
void enableSlashDecoding() {
|
||||
bind("server.undertow.decode-slash=true");
|
||||
assertThat(boundServerOption(UndertowOptions.DECODE_SLASH)).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
void disableUrlDecoding() {
|
||||
bind("server.undertow.decode-url=false");
|
||||
|
@ -1489,7 +1489,7 @@ bom {
|
||||
]
|
||||
}
|
||||
}
|
||||
library("Undertow", "2.3.3.Final") {
|
||||
library("Undertow", "2.3.4.Final") {
|
||||
group("io.undertow") {
|
||||
modules = [
|
||||
"undertow-core",
|
||||
|
Loading…
Reference in New Issue
Block a user