tomcat/CVE-2024-54677-9.patch

From 9ffd23fc27f5d1fc95bf97e5cea175c8968f4533 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Fri, 6 Dec 2024 10:44:05 +0000
Subject: [PATCH] Revert change made for testing

---
 webapps/examples/WEB-INF/classes/RequestHeaderExample.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/examples/WEB-INF/classes/RequestHeaderExample.java b/webapps/examples/WEB-INF/classes/RequestHeaderExample.java
index e32f8c233674..b324e0250d8a 100644
--- a/webapps/examples/WEB-INF/classes/RequestHeaderExample.java
+++ b/webapps/examples/WEB-INF/classes/RequestHeaderExample.java
@@ -73,7 +73,7 @@ protected boolean prefersJSON(String acceptHeader) {
 
             // text/html, application/html, etc.
             if (accept.contains("html")) {
-                return true;
+                return false;
             }
         }
         return false;
Fix CVE-2024-50379 CVE-2024-54677 (cherry picked from commit 37b6fbcf4c334035b8423e43c24b2bea2397c27f) 2024-12-18 10:49:32 +08:00			`From 9ffd23fc27f5d1fc95bf97e5cea175c8968f4533 Mon Sep 17 00:00:00 2001`
			`From: Mark Thomas <markt@apache.org>`
			`Date: Fri, 6 Dec 2024 10:44:05 +0000`
			`Subject: [PATCH] Revert change made for testing`

			`---`
			`webapps/examples/WEB-INF/classes/RequestHeaderExample.java \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/webapps/examples/WEB-INF/classes/RequestHeaderExample.java b/webapps/examples/WEB-INF/classes/RequestHeaderExample.java`
			`index e32f8c233674..b324e0250d8a 100644`
			`--- a/webapps/examples/WEB-INF/classes/RequestHeaderExample.java`
			`+++ b/webapps/examples/WEB-INF/classes/RequestHeaderExample.java`
			`@@ -73,7 +73,7 @@ protected boolean prefersJSON(String acceptHeader) {`

			`// text/html, application/html, etc.`
			`if (accept.contains("html")) {`
			`- return true;`
			`+ return false;`
			`}`
			`}`
			`return false;`