Skip to content

Remove support for relative paths in static resource handling #33687

New issue
New issue
Closed
Closed
Remove support for relative paths in static resource handling#33687
Assignees
rstoyanchev
Labels
in: webIssues in web modules (web, webmvc, webflux, websocket)type: enhancementA general enhancement
Milestone
6.2.0-RC2
@rstoyanchev

Description

@rstoyanchev
rstoyanchev
opened on Oct 11, 2024

Following thes updates to URL parsing in #33639, it's clear that with the WhatWg URL Living Standard spec, there is no good reason to expect URL paths that are not normalized. Those have been a source of security issues, and while we have protections against them in static resource handling, and they are also rejected by the Spring Security firewall, we can now drop support for them altogether going forward.

Metadata

Metadata

Assignees

Labels

in: webIssues in web modules (web, webmvc, webflux, websocket)type: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions