Closed infeo closed 2 years ago
It is caused by a security fix in jetty for https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5.
Without configuration, jetty is now stricter than RFC 3986 when parsing URLs and blocks certain rfc3986-valid URLs. For more info, see also https://github.com/eclipse/jetty.project/pull/6003 and https://github.com/eclipse/jetty.project/issues/6132
Fixed in 101b963d2ad4a519d47909e64d0fb20672ed11da by allowing AMBIGUOUS_PATH_SEPERATOR
and AMBIGUOUS_PATH_ENCODING
(see http://www.eclipse.org/jetty/javadoc/jetty-10/org/eclipse/jetty/http/UriCompliance.html and its VIOLATION subclass)
Files containing a % cannot be opened anymore. Activating the debug log level, the following stack trace appears in the log when accessing the file:
This bug first appeared when updating jetty from 10.0.2 to 10.0.3 in 99594edf958510411eb3f98cd5eecb7f87111664.