Layer Preview URL contained a potentially malicious String

Description

This may be a difficult error to isolate; it occurred when:

1. Start GeoServer with the default release data directory

2. Click Layer Preview; it looks like establishing a session had bad luck and the jsessionid contained an invalid character

Update:

  • Also getting this error when I first start Tomcat and go to the main localhost:8080/geoserver page

Environment

None

Activity

Muke Z
November 28, 2018, 4:54 AM

Hi, same issue here. I use http://SERVER/geoserver/j_spring_security_check to log in and then it returns that error.

And I'm using the Windows installer, so is the web.xml file the one in webapps\geoserver\WEB-INF?

Thanks

Stefan Koch
January 18, 2019, 11:47 AM

Issue still appearing with the latest 2.14 and 2.15M0 unfortunately. Only 2.13 does not have this issue. :-/

Andrea Aime
January 18, 2019, 11:49 AM

Eh, already two people showed interest in fixing it, one here, one in the linked issue, but no PR showed up yet....

Andrea Aime
February 8, 2019, 10:10 AM

I've made a PR to address this one, anyone want to review?
https://github.com/geoserver/geoserver/pull/3355

Jody Garnett
February 9, 2019, 11:42 PM

Thanks Andrea, I really appreciate this fix.

Fixed

Assignee

Andrea Aime

Reporter

Jody Garnett

Triage

None

Fix versions

Affects versions

Components

Priority

Medium