-
Type:
Bug
-
Status: Resolved
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 3.0.0-alpha-1, 2.2.0, 2.3.0, 2.1.5
-
Fix Version/s: 3.0.0-alpha-1, 2.3.0, 2.2.3, 2.1.9
-
Component/s: profiler
-
Labels:None
ProfileOutputServlet sanitizes the input URL but fails when the query string contains dot or hyphen. These are valid characters for the hostname.
Example URL part:
/prof-output/async-prof-pid-122466-cpu-1.svg?host=myhost-1.example.com&port=16010
In this case the user gets the following error message:
HTTP ERROR: 500 Problem accessing /prof-output/async-prof-pid-122466-cpu-1.svg. Reason: java.lang.RuntimeException: Non-alphanumeric data found in input, aborting. Powered by Jetty:// 9.3.27.v20190418
- links to