Closed
Description
Affects:: spring-web 5.3.6
After updating from spring 5.2.8 to 5.3.6 we noticed that ForwardedHeaderFilter would throw:
java.lang.IllegalArgumentException: Invalid IPv4 address: 2a02:1810:84ae:d800:c8da:d498:64ec:6edb
at org.springframework.web.util.UriComponentsBuilder.parseForwardedFor(UriComponentsBuilder.java:363)
at org.springframework.web.filter.ForwardedHeaderFilter$ForwardedHeaderExtractingRequest.<init>(ForwardedHeaderFilter.java:246)
The code before:
String baseUrl = this.scheme + "://" + this.host + (port == -1 ? "" : ":" + port);
Supplier<HttpServletRequest> delegateRequest = () -> (HttpServletRequest) getRequest();
this.forwardedPrefixExtractor = new ForwardedPrefixExtractor(delegateRequest, baseUrl);
The code as is:
this.remoteAddress = UriComponentsBuilder.parseForwardedFor(request, request.getRemoteAddress());
String baseUrl = this.scheme + "://" + this.host + (port == -1 ? "" : ":" + port);
Supplier<HttpServletRequest> delegateRequest = () -> (HttpServletRequest) getRequest();
this.forwardedPrefixExtractor = new ForwardedPrefixExtractor(delegateRequest, baseUrl);```
The invocation of UriComponentsBuilder.parseForwardedFor only support IPv4.