On 08/04/2018 21:29, Christopher Schultz wrote:

<snip/>

> Does Tomcat do its own UTF-8 decoding because the JVM doesn't have a
> facility to convert from ByteBuffer to CharBuffer? That seems like
> something the JVM really should be providing...

No. It does it because the JRE UTF-8 decoder is buggy. Some bugs were fixed in Java 8 and the rest in Java 9, so we need this decoder until Java 9 is the minimum.

The issue is that incorrect decoding can lead to 'unexpected' behaviour when parsing URLs (read: some form of security vulnerability).

Mark
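
Added example, not part of the message above and not Tomcat's decoder: a strict UTF-8 well-formedness check of the kind a server can apply to URL path bytes after percent-decoding, so that a lenient decoder never gets to map malformed bytes onto path characters. The message does not say which JRE decoder bugs were involved; the malformed classes below (overlong forms, surrogates, truncation, out-of-range values) are general illustrations, and the class name and sample bytes are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Illustrative validator (hypothetical class name); not Tomcat or JRE code.
public class StrictUtf8Check {

    // True only if b is well-formed UTF-8 (Unicode Standard, Table 3-7).
    static boolean isWellFormed(byte[] b) {
        int i = 0;
        while (i < b.length) {
            int b0 = b[i] & 0xFF;
            int need;                 // continuation bytes expected after b0
            int lo = 0x80, hi = 0xBF; // allowed range for the FIRST continuation byte
            if (b0 <= 0x7F) { i++; continue; }                 // ASCII
            else if (b0 >= 0xC2 && b0 <= 0xDF) need = 1;       // C0/C1 would be overlong
            else if (b0 == 0xE0) { need = 2; lo = 0xA0; }      // below A0 is overlong
            else if (b0 == 0xED) { need = 2; hi = 0x9F; }      // above 9F is a surrogate
            else if (b0 >= 0xE1 && b0 <= 0xEF) need = 2;
            else if (b0 == 0xF0) { need = 3; lo = 0x90; }      // below 90 is overlong
            else if (b0 == 0xF4) { need = 3; hi = 0x8F; }      // above 8F exceeds U+10FFFF
            else if (b0 >= 0xF1 && b0 <= 0xF3) need = 3;
            else return false;        // 80..C1 and F5..FF are never valid lead bytes
            if (i + need >= b.length) return false;            // truncated sequence
            for (int k = 1; k <= need; k++) {
                int c = b[i + k] & 0xFF;
                if (c < lo || c > hi) return false;
                lo = 0x80; hi = 0xBF; // later continuation bytes use the full range
            }
            i += need + 1;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed byte sequences, as they would look after percent-decoding a URL path.
        Map<String, byte[]> samples = new LinkedHashMap<>();
        samples.put("valid 2-byte (U+00E9)", new byte[]{(byte) 0xC3, (byte) 0xA9});
        samples.put("overlong form of '/'", new byte[]{(byte) 0xC0, (byte) 0xAF});
        samples.put("encoded surrogate", new byte[]{(byte) 0xED, (byte) 0xA0, (byte) 0x80});
        samples.put("truncated 3-byte", new byte[]{(byte) 0xE2, (byte) 0x82});
        samples.put("above U+10FFFF",
                new byte[]{(byte) 0xF4, (byte) 0x90, (byte) 0x80, (byte) 0x80});
        samples.forEach((name, bytes) ->
                System.out.println(name + " -> " + (isWellFormed(bytes) ? "accept" : "reject")));
    }
}
```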
