Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix incorrect weak ETag validation #33374

Closed
wants to merge 1 commit into from

Conversation

kashike
Copy link
Contributor

@kashike kashike commented Aug 13, 2024

The validation logic checks for a prefix of W/ when it should be checking for W/". As per the spec (see here and here) this allows invalid values to pass through.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Aug 13, 2024
@rstoyanchev rstoyanchev self-assigned this Aug 13, 2024
@rstoyanchev rstoyanchev added in: web Issues in web modules (web, webmvc, webflux, websocket) type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Aug 13, 2024
@rstoyanchev rstoyanchev added this to the 6.1.12 milestone Aug 13, 2024
@rstoyanchev rstoyanchev added for: backport-to-6.0.x status: backported An issue that has been backported to maintenance branches and removed for: backport-to-6.0.x labels Aug 13, 2024
rstoyanchev pushed a commit that referenced this pull request Aug 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: backported An issue that has been backported to maintenance branches type: bug A general bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants