From 1ddab86ef92f2915446d6fefa8b796b8311ed3e0 Mon Sep 17 00:00:00 2001
From: Mark Thomas
Date: Tue, 22 Aug 2023 12:31:23 -0600
Subject: [PATCH 1/2] Avoid protocol relative redirects
---
.../apache/catalina/authenticator/FormAuthenticator.java | 6 ++++++
webapps/docs/changelog.xml | 3 +++
2 files changed, 9 insertions(+)
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 4a90f5b4008d..5feb53db8989 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -733,6 +733,12 @@ protected String savedRequestURL(Session session) {
 sb.append('?');
 sb.append(saved.getQueryString());
 }
+
+ // Avoid protocol relative redirects
+ while (sb.length() > 1 && sb.charAt(1) == '/') {
+ sb.deleteCharAt(0);
+ }
+
 return sb.toString();
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index aac602d3df4f..6c4d150c2ec2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -74,6 +74,9 @@ interrupting the thread first. Based on a pull request by Govinda Sakhare. (markt)
+
+ Avoid protocol relative redirects in FORM authentication. (markt)
+
 64226: Reset timezone after parsing a date since the date format is reused. Test case submitted by Gary Thomas. (remm)
From 2052b77e42745ab09d9958d7e7d35f5d00f34ee3 Mon Sep 17 00:00:00 2001
From: Cesar Hernandez
Date: Tue, 5 Sep 2023 16:55:38 -0600
Subject: [PATCH 2/2] Prepare release for 7.0.104-SP.10
---
build.properties.default | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.properties.default b/build.properties.default
index 239ad4fa59d8..f5d97f0ffb01 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -27,7 +27,7 @@ version.major=7
 version.minor=0
 version.build=104
 version.patch=0
-version.suffix=-SP.9
+version.suffix=-SP.10
 
 # ----- Source control flags -----
 git.branch=7.0.x
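Review bot: The new guard in savedRequestURL only collapses a second '/' at index 1, so a saved URI beginning with `/\` would pass through unchanged, and several browsers follow a `/\host/...` Location header as if it were scheme-relative; unless the connector already rejects backslashes in request URIs before the request is saved (Tomcat does by default via the ALLOW_BACKSLASH setting, but that is not visible in this hunk), the condition would be safer as `while (sb.length() > 1 && (sb.charAt(1) == '/' || sb.charAt(1) == '\\')) {`. The comment states what the loop does but not why; `// A saved URI starting with "//" would be sent as a scheme-relative redirect to another host; keep exactly one leading '/'` would tell the next reader what is being defended against. The commit adds no test for the new branch; a unit test asserting that `//other.example/x` becomes `/other.example/x`, `///x` becomes `/x` and `/x` is unchanged would pin the behaviour. The start of savedRequestURL lies outside the hunk, so where sb's first character comes from cannot be checked here.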