From e60b70449ece96edf7179e21fb32aad5bc7d2807 Mon Sep 17 00:00:00 2001
From: wihodg
Date: Thu, 14 Aug 2025 10:41:58 -0400
Subject: [PATCH 1/2] Disallow GET requests to /management/commands endpoint
---
 .../internal/web/controllers/ShellCommandsController.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/geode-web/src/main/java/org/apache/geode/management/internal/web/controllers/ShellCommandsController.java b/geode-web/src/main/java/org/apache/geode/management/internal/web/controllers/ShellCommandsController.java
index dc7a8f0ced00..3bc43a48e8d8 100644
--- a/geode-web/src/main/java/org/apache/geode/management/internal/web/controllers/ShellCommandsController.java
+++ b/geode-web/src/main/java/org/apache/geode/management/internal/web/controllers/ShellCommandsController.java
@@ -79,7 +79,7 @@ public class ShellCommandsController extends AbstractCommandsController {
 private static final String DEFAULT_INDEX_TYPE = "range";
- @RequestMapping(method = {RequestMethod.GET, RequestMethod.POST}, value = "/management/commands")
+ @RequestMapping(method = {RequestMethod.POST}, value = "/management/commands")
 public ResponseEntity command(@RequestParam(value = "cmd") String command,
 @RequestParam(value = "resources", required = false) MultipartFile[] fileResource)
 throws IOException {
From 351cb7a7e54ff8db0665ad77fb8cd1efbccca728 Mon Sep 17 00:00:00 2001
From: wihodg
Date: Thu, 14 Aug 2025 10:41:58 -0400
Subject: [PATCH 2/2] Disallow GET requests to /management/commands endpoint
---
 .../internal/web/controllers/ShellCommandsController.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/geode-web/src/main/java/org/apache/geode/management/internal/web/controllers/ShellCommandsController.java b/geode-web/src/main/java/org/apache/geode/management/internal/web/controllers/ShellCommandsController.java
index dc7a8f0ced00..3bc43a48e8d8 100644
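Review bot: Restricting the mapping to POST does not by itself stop a cross-site request from reaching `command(...)`, because `cmd` is still bound with `@RequestParam`, which Spring fills from the URL query string or an ordinary form body as well as from multipart data. If the endpoint relies on credentials the browser attaches automatically (not visible in this hunk), a CSRF token or an Origin check is still needed, and the diffstat shows no test pinning the new behaviour; a controller test asserting that GET on `/management/commands` returns 405 would keep the method list from being widened again. I would also record the intent above the annotation, e.g. `// POST only: commands can change cluster state and must not be triggerable by a plain link or prefetch`. The body of `command` continues outside the hunk, and the hunk in PATCH 2/2 is identical, so the same applies there.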
--- a/geode-web/src/main/java/org/apache/geode/management/internal/web/controllers/ShellCommandsController.java
+++ b/geode-web/src/main/java/org/apache/geode/management/internal/web/controllers/ShellCommandsController.java
@@ -79,7 +79,7 @@ public class ShellCommandsController extends AbstractCommandsController {
 private static final String DEFAULT_INDEX_TYPE = "range";
- @RequestMapping(method = {RequestMethod.GET, RequestMethod.POST}, value = "/management/commands")
+ @RequestMapping(method = {RequestMethod.POST}, value = "/management/commands")
 public ResponseEntity command(@RequestParam(value = "cmd") String command,
 @RequestParam(value = "resources", required = false) MultipartFile[] fileResource)
 throws IOException {