Non reproducible error when redirect to another url (SAML,..)
Concerned version
Version: %2.16.1-1 (Ubuntu)
Platform: Various
Summary
We updated from 2.0.13 to 2.16.1 and got an non-reproducible-error when redirecting to another url (as used for SAML authentification). Some perl processes worked without problems. With higher load, we get more and more processes with "Bad URL" errors. After a restart of the service the error vanished first, but than grows up to about 50% redirection with an error message. We are not sure, what caused the error and if it's a security issue. Downgrading back to 2.0.13 solved the issue.
Hint: The same problem happenend in version 2.0.16
Logs
Apr 6 18:34:05 XHOSTX LLNG[44612]: [debug] Required Params URL: URI::https=SCALAR(0x563e0fd10f40)
Apr 6 18:34:05 XHOSTX LLNG[44612]: [debug] Set CSP form-action with Params URL: URI::https=SCALAR(0x563e0fd10f40)
Apr 6 18:34:14 XHOSTX LLNG[44591]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0fdd1838)
Apr 6 18:34:26 XHOSTX LLNG[44593]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0fdedbb8)
Apr 6 18:36:22 XHOSTX LLNG[44589]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0e9a2e38)
Apr 6 18:37:59 XHOSTX LLNG[44589]: [debug] Required urldc: URI::https=SCALAR(0x563e0de5de78)
Apr 6 18:37:59 XHOSTX LLNG[44589]: [debug] Set CSP form-action with urldc: URI::https=SCALAR(0x563e0de5de78)
Apr 6 18:37:59 XHOSTX LLNG[44589]: [debug] Required Params URL: URI::https=SCALAR(0x563e0de5de78)
Apr 6 18:37:59 XHOSTX LLNG[44589]: [debug] Set CSP form-action with Params URL: URI::https=SCALAR(0x563e0de5de78)
Apr 6 18:38:26 XHOSTX LLNG[44603]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0fd74fd0)
Apr 6 18:39:47 XHOSTX LLNG[44589]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0e8df388)
Apr 6 18:41:17 XHOSTX LLNG[44596]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0fd9eb08)
Apr 6 18:44:16 XHOSTX LLNG[44611]: [debug] [error] Bad URL URI::https=SCALAR(0x55c915768d50)
Backends used
We use redis as backend
Possible fixes
Downgrade to former version