*/
    @Execute
    @Secured({ ROLE, ROLE + VIEW })
    public HtmlResponse search(final SearchForm form) {
        copyBeanToBean(form, reqHeaderPager, op -> op.exclude(Constants.PAGER_CONVERSION_RULE));
        return asHtml(path_AdminReqheader_AdminReqheaderJsp).renderWith(data -> {
            searchPaging(data, form);
        });
    }

    /**

     */
    @Execute
    @Secured({ ROLE, ROLE + VIEW })
    public HtmlResponse search(final SearchForm form) {
        copyBeanToBean(form, fileAuthenticationPager, op -> op.exclude(Constants.PAGER_CONVERSION_RULE));
        return asHtml(path_AdminFileauth_AdminFileauthJsp).renderWith(data -> {
            searchPaging(data, form);
        });
    }

    /**

## CSRF Risk { #csrf-risk }

This default behavior provides protection against a class of **Cross-Site Request Forgery (CSRF)** attacks in a very specific scenario.

These attacks exploit the fact that browsers allow scripts to send requests without doing any CORS preflight check when they:

* don't have a `Content-Type` header (e.g. using `fetch()` with a `Blob` body)
* and don't send any authentication credentials.

 * without changing the iterator's state, using the {@link #hasNext} method. But many data sources,
 * such as {@link java.io.Reader#read()}, do not expose this information; the only way to discover
 * whether there is any data left is by trying to retrieve it. These types of data sources are
 * ordinarily difficult to write iterators for. But using this class, one must implement only the

import java.util.List;
import java.util.function.Predicate;
import java.util.stream.Collectors;

import org.apache.maven.artifact.Artifact;
import org.apache.maven.model.Exclusion;

/**
 * Filter to exclude from a list of artifact patterns.
 */
public class ExclusionArtifactFilter implements ArtifactFilter {

    private final List<Exclusion> exclusions;
    private final List<Predicate<Artifact>> predicates;

issue (DoS, authentication bypass, information disclose, ...) and the assumptions you're making (e.g. do
you need access credentials for a successful exploit).

If you have not received a reply to your email within 48 hours or you have not heard from the security team
for the past five days please contact the security team directly:

- Primary security coordinator: ******@****.***

                "-Dscan.value.coverageArch=amd64",
                "-Dscan.value.coverageJvmVendor=openjdk",
                "-Dscan.value.coverageJvmVersion=java25",
                "-PflakyTests=exclude",
                "-Dscan.tag.Check",
                "-Dscan.tag.PullRequestFeedback",
                "-PteamCityBuildId=%teamcity.build.id%",
                "-Dorg.gradle.java.installations.auto-download=false",

crawler.document.html.default.include.index.patterns=
# Patterns to exclude for HTML index processing.
crawler.document.html.default.exclude.index.patterns=(?i).*(css|js|jpeg|jpg|gif|png|bmp|wmv|xml|ico|exe)
# Patterns to include for HTML search processing.
crawler.document.html.default.include.search.patterns=
# Patterns to exclude for HTML search processing.
crawler.document.html.default.exclude.search.patterns=

# file

/**
 * This servlet may be used to "browse" the entire hierarchy of resources
 * on an SMB network like one might with Network Neighborhood or Windows
 * Explorer. The users credentials with be negotiated using NTLM SSP if
 * the client is Microsoft Internet Explorer.
 *
 * @deprecated Unsupported
 */
@Deprecated
/**
 * A servlet that provides network browsing capabilities for SMB shares.

		},
		config.KV{
			Key:   Extensions,
			Value: DefaultExtensions,
		},
		config.KV{
			Key:   MimeTypes,
			Value: DefaultMimeTypes,
		},
	}
)

// Parses the given compression exclude list `extensions` or `content-types`.
func parseCompressIncludes(include string) ([]string, error) {
	includes := strings.Split(include, config.ValueSeparator)
	for _, e := range includes {
		if len(e) == 0 {