We recently tried to update from 184.108.40.206 to 220.127.116.11 based on
https://struts.apache.org/docs/s2-026.html, we are hitting regressions issues due to a change in CookieInterceptor.
It's currently using the same accepted_pattern to check out both name & value to pass around the cookies. When the cookie values are simple, it works. When the cookie value carries a special chars for example a url is the cookie value, it fails with the existing pattern and it is not passed to actions.
I didn't find a way getting around this in the config and this has been a blocker for us to update to the version.
Why are we checking for cookie values with the same hardcoded pattern only ? If there is a way to workaround this in the config?
private static final String ACCEPTED_PATTERN = "[a-zA-Z0-9\\.\\]\\[_'
protected boolean isAcceptableValue(String value)