-
Bug
-
Resolution: Unresolved
-
Minor
-
None
Note that this ticket is somehow related to JENKINS-73129
How to reproduce
Given a Jenkins configured to use LDAP as Security Realm.
Given a user with a `\` in the username.
What is the behavior
The user is allowed to sign-in:
But the user page gives this error:
And the drop down menu is broken
What is the expected behavior
Here is the expected behavior (Jenkins 2.461)
- relates to
-
JENKINS-73129 Jetty 12 test failure DirectoryBrowserSupportTest
-
- Closed
-
- links to
We consistently use UriCompliance.LEGACY in
which is documented as follows:
Yet this compliance mode contains https://javadoc.jetty.org/jetty-12/org/eclipse/jetty/http/UriCompliance.Violation.html#SUSPICIOUS_PATH_CHARACTERS as described in https://jakarta.ee/specifications/servlet/6.0/jakarta-servlet-spec-6.0.html#uri-path-canonicalization which does not actually model legacy Jetty behavior (as claimed in the documentation); rather, the behavior is more strict than the legacy Jetty behavior. Suggest reporting this issue to the Jetty developers.