Chapter 1. New features and enhancements
Red Hat JBoss Core Services (JBCS) 2.4.57 Service Pack 5 includes the following new features and enhancements.
1.1. JBCS support for UnsafeAllow3F flag for URL rewrites
JBCS 2.4.57 Service Pack 5 introduces support for the UnsafeAllow3F flag, which you can specify as part of the RewriteRule directive of the mod_rewrite module.
You must set the UnsafeAllow3F flag if you want to allow a URL rewrite to continue when the HTTP request has an encoded question mark, %3f, and the rewritten result has a ? character in the substitution. This flag protects the HTTP request from a malicious URL that could take advantage of a capture and re-substitution of the encoded question mark.
For more information, see RewriteRule Flags: UnsafeAllow3F.
1.2. JBCS support for UnsafePrefixStat flag for URL rewrites
JBCS 2.4.57 Service Pack 5 introduces support for the UnsafePrefixStat flag, which you can specify as part of the RewriteRule directive of the mod_rewrite module.
You must set the UnsafePrefixStat flag in server-scoped substitutions that start with a variable or back-reference and resolve to a file-system path. These substitutions are not prefixed with the document root. This flag protects the HTTP request from a malicious URL that could cause the expanded substitution to map to an unexpected file-system location.
For more information, see RewriteRule Flags: UnsafePrefixStat.
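The following configuration is an added illustration of sections 1.1 and 1.2, not taken from the Red Hat or Apache documentation. It shows, for each flag, a constrained rule that does not need the flag next to a rule that opts in. All URL patterns, file-system paths, and the DATA_ROOT environment variable are hypothetical, and DATA_ROOT is assumed to be set earlier in request processing.

```apache
# Added example; patterns, paths and DATA_ROOT are hypothetical.
RewriteEngine On

# --- UnsafeAllow3F (section 1.1) ---------------------------------------
# The capture $1 is re-substituted next to a literal "?" in the result.
# When the request URL carries an encoded question mark (%3f), a rule of
# this shape is not allowed to continue unless the flag is set.

# Constrained form, no flag: the character class excludes "?", so a
# request path containing a decoded "?" does not match this rule at all.
RewriteRule "^/search/([A-Za-z0-9_-]+)$" "/app/search?q=$1" [PT]

# Opt-in form: the broad capture is kept, so requests with %3f are
# rewritten. Use only after reviewing how the application parses the
# resulting query string.
RewriteRule "^/legacy/(.+)$" "/app/legacy?item=$1" [PT,UnsafeAllow3F]

# --- UnsafePrefixStat (section 1.2) ------------------------------------
# Server scope (outside <Directory> and .htaccess). These substitutions
# are intended to resolve to file-system paths.

# Constrained form, no flag: the substitution starts with a literal
# path, and the capture is limited to a single file name.
RewriteRule "^/reports/([A-Za-z0-9_-]+\.pdf)$" "/srv/reports/$1" [L]

# Opt-in form: the substitution starts with a variable, is not prefixed
# with the document root, and therefore requires the flag. The capture
# is still limited to a single file name so the expanded path cannot
# leave the directory that DATA_ROOT names.
RewriteRule "^/data/([A-Za-z0-9_-]+\.csv)$" "%{ENV:DATA_ROOT}/$1" [L,UnsafePrefixStat]
```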