]
Ivo Studensky updated WFLY-9724:
--------------------------------
Summary: Undertow does not allow UTF-8 characters in URLs (was: [GSS](7.1.z) Undertow
does not allow UTF-8 characters in URLs)
Undertow does not allow UTF-8 characters in URLs
------------------------------------------------
Key: WFLY-9724
URL:
https://issues.jboss.org/browse/WFLY-9724
Project: WildFly
Issue Type: Bug
Components: Web (Undertow)
Reporter: Stuart Douglas
Assignee: Stuart Douglas
Labels: downstream_dependency, qe-pre-ack
We receive a 400 response code if using UTF-8 characters for a request, due to this
check:
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io...
This was introduced in UNDERTOW-1101. We want to understand why it is necessary for the
CVE/CWE regarding request smuggling, but this ticket is to at least make this check
optional as it goes against the URL_ENCODING UndertowOption when set to UTF-8 (default).