Skip to content

Fix HttpSessionRequestCache#getMatchingRequest query string parsing#16914

Merged
jzheaux merged 1 commit into
spring-projects:6.5.xfrom
Kehrlann:gh-16656
Mar 23, 2026
Merged

Fix HttpSessionRequestCache#getMatchingRequest query string parsing#16914
jzheaux merged 1 commit into
spring-projects:6.5.xfrom
Kehrlann:gh-16656

Conversation

@Kehrlann

@Kehrlann Kehrlann commented Apr 9, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Issue

URL parsing changed in framework 6.2 (security 6.4), and now fails when path contains a % sign. As a result, the HttpSessionRequestCache fails on every request where the path contains a % sign.

Resolution

We do not need to parse a full URL, just to inspect the query string for the matching parameter. We don't use the current request path in UriComponentsBuilder to extract the query string.

Fixes gh-16656

@Kehrlann Kehrlann changed the title Fix HttpSessionRequestCache#getMatchingRequest query string parsing Fix HttpSessionRequestCache#getMatchingRequest query string parsing Apr 9, 2025
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Apr 9, 2025
@jzheaux jzheaux self-assigned this Apr 23, 2025
@jzheaux jzheaux added in: web An issue in web modules (web, webmvc) type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 23, 2025
@jzheaux jzheaux added this to the 6.4.6 milestone Apr 23, 2025
@jzheaux jzheaux mentioned this pull request Apr 29, 2025
Closed
@jzheaux jzheaux modified the milestones: 6.4.6, 6.4.x May 19, 2025
@jzheaux jzheaux removed their assignment May 23, 2025
@jzheaux jzheaux modified the milestones: 6.4.x, 6.5.10 Mar 23, 2026
@jzheaux jzheaux self-assigned this Mar 23, 2026
@Kehrlann @jzheaux
Fix HttpSessionRequestCache#getMatchingRequest query string parsing
b44e65b 
- URL parsing changed in framework 6.2, and fails when path contains a % sign.
- The HttpSessionRequestCache only needs to inspect the query string, not the full URL.

Fixes spring-projectsgh-16656

Signed-off-by: Daniel Garnier-Moiroux <[email protected]>
@jzheaux jzheaux changed the base branch from 6.4.x to 6.5.x March 23, 2026 23:39
@jzheaux jzheaux enabled auto-merge (rebase) March 23, 2026 23:41
@jzheaux jzheaux merged commit aeb5fc1 into spring-projects:6.5.x Mar 23, 2026
6 checks passed
@jzheaux

jzheaux commented Mar 23, 2026

Copy link
Copy Markdown
Collaborator

Thanks for the PR, @Kehrlann. This has been merged to 6.5.x, 7.0.x, and main.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jzheaux jzheaux

Labels

in: web An issue in web modules (web, webmvc) type: bug A general bug

Projects

None yet

Milestone

6.5.10

Development

Successfully merging this pull request may close these issues.

3 participants

@Kehrlann @jzheaux @spring-projects-issues