Index: 3rdParty_sources/csrfguard/org/owasp/csrfguard/util/CsrfGuardUtils.java =================================================================== diff -u -rd25fe80a3034172a51168d74cd1476895df0e8cd -rcc49bb0bda7481a09780430292c0b916e042447e --- 3rdParty_sources/csrfguard/org/owasp/csrfguard/util/CsrfGuardUtils.java (.../CsrfGuardUtils.java) (revision d25fe80a3034172a51168d74cd1476895df0e8cd) +++ 3rdParty_sources/csrfguard/org/owasp/csrfguard/util/CsrfGuardUtils.java (.../CsrfGuardUtils.java) (revision cc49bb0bda7481a09780430292c0b916e042447e) @@ -135,7 +135,12 @@ } public static String normalizeResourceURI(final String resourceURI) { - return resourceURI.startsWith("/") ? resourceURI : '/' + resourceURI; + String normalizedResourceURI = resourceURI.startsWith("/") ? resourceURI : '/' + resourceURI; + + // LAMS LDEV-4932 Replace multiple slashes with a single one, so it works the same as Spring MVC + normalizedResourceURI = normalizedResourceURI.replaceAll("/{2,}", "/"); + + return normalizedResourceURI; } private static String readInputStreamContent(final InputStream inputStream) { Index: 3rdParty_sources/versions.txt =================================================================== diff -u -rd25fe80a3034172a51168d74cd1476895df0e8cd -rcc49bb0bda7481a09780430292c0b916e042447e --- 3rdParty_sources/versions.txt (.../versions.txt) (revision d25fe80a3034172a51168d74cd1476895df0e8cd) +++ 3rdParty_sources/versions.txt (.../versions.txt) (revision cc49bb0bda7481a09780430292c0b916e042447e) @@ -25,8 +25,9 @@ Commons Validator 1.6 -CSRF Guard 4.1.3 +CSRF Guard 4.1.3 with a custom modification in CsrfGuardUtils.java + Etherpad Client 1.2.13 Hibernate Core 5.3.6 Index: lams_build/lib/csrfguard/csrf.module.xml =================================================================== diff -u -r3582a26f019d77b921db0379ca2516dd51860bde -rcc49bb0bda7481a09780430292c0b916e042447e --- lams_build/lib/csrfguard/csrf.module.xml (.../csrf.module.xml) (revision 3582a26f019d77b921db0379ca2516dd51860bde) +++ lams_build/lib/csrfguard/csrf.module.xml (.../csrf.module.xml) (revision cc49bb0bda7481a09780430292c0b916e042447e) @@ -24,7 +24,7 @@ - + Index: lams_build/lib/csrfguard/csrfguard-4.1.3-custom-2022.04.03.jar =================================================================== diff -u Binary files differ Index: lams_build/lib/csrfguard/csrfguard-4.1.3.jar =================================================================== diff -u -r3582a26f019d77b921db0379ca2516dd51860bde -rcc49bb0bda7481a09780430292c0b916e042447e Binary files differ Index: lams_build/liblist.txt =================================================================== diff -u -r3582a26f019d77b921db0379ca2516dd51860bde -rcc49bb0bda7481a09780430292c0b916e042447e --- lams_build/liblist.txt (.../liblist.txt) (revision 3582a26f019d77b921db0379ca2516dd51860bde) +++ lams_build/liblist.txt (.../liblist.txt) (revision cc49bb0bda7481a09780430292c0b916e042447e) @@ -24,8 +24,8 @@ clamav-client clamav-client-2.0.2.jar 2.0.2 MIT cdarras on GitHub ClamAV antivirus client -csrfguard csrfguard-4.1.3.jar 4.1.3 BSD License OWASP prevents CSRF attacks - +csrfguard csrfguard-4.1.3-custom-2022.04.03.jar custom build BSD License OWASP prevents CSRF attacks + based on 4.1.3 4.1.3 tag with a custom modification in CsrfGuardUtils.java etherpad etherpad_lite_client-1.2.13.jar 1.2.13 Apache License 2.0 Nils Fredrik Gjerull Client for Etherpad fckeditor fckeditor-java-core-2.6.jar 2.6 GPL, LGPL, MPL Frederico Caldeira Knabben Java connector for CKEditor