Description of problem: Same request with JWS-717 [1] for EAP 6.4.x. As a result of CVE-2016-6816 unencoded characters are rejected as invalid. Unfortunately some clients are still behaving that way and were being rejected by EAP 6.4.13+(jbossweb). An option has been added that will allow you to accept unencoded {, }, and | characters. [1] https://issues.jboss.org/browse/JWS-717 Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Note that the websites need fixing sooner or later (I recommend sooner). *** This bug has been marked as a duplicate of bug 1489846 ***