Chapter 1. New features and enhancements
Red Hat JBoss Core Services (JBCS) 2.4.57 Service Pack 5 includes the following new features and enhancements.
1.1. JBCS support for UnsafeAllow3F flag for URL rewrites
JBCS 2.4.57 Service Pack 5 introduces support for the UnsafeAllow3F flag, which you can specify as part of the RewriteRule directive of the mod_rewrite module.
You must set the UnsafeAllow3F flag if you want to allow a URL rewrite to continue when the HTTP request has an encoded question mark, %3f, and the rewritten result has a ? character in the substitution. This flag protects the HTTP request from a malicious URL that could take advantage of a capture and re-substitution of the encoded question mark.
For more information, see RewriteRule Flags: UnsafeAllow3F.
1.2. JBCS support for UnsafePrefixStat flag for URL rewrites
JBCS 2.4.57 Service Pack 5 introduces support for the UnsafePrefixStat flag, which you can specify as part of the RewriteRule directive of the mod_rewrite module.
You must set the UnsafePrefixStat flag in server-scoped substitutions that start with a variable or back-reference and resolve to a file-system path. These substitutions are not prefixed with the document root. This flag protects the HTTP request from a malicious URL that could cause the expanded substitution to map to an unexpected file-system location.
For more information, see RewriteRule Flags: UnsafePrefixStat.
