The HttpFirewall configuration for the CAE can now be configured using the configuration properties cae.http-firewall.allow-* . For more information see Content Application Developer Manual - Spring Security

The HttpFirewall configuration for the default CAE is more restrictive now. All special characters that only have to be allowed in URLs when using the LiveContext extensions are now rejected for the default CAE (when LiveContext extensions are disabled).

(CMS-17381)