--- connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java.orig	2010-07-13 17:18:51.349717000 -0400
+++ connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java	2010-07-13 17:24:45.852380000 -0400
@@ -77,6 +77,7 @@
     protected static StringManager sm =
         StringManager.getManager(Constants.Package);
 
+    private int pluggableFilterIndex = Integer.MAX_VALUE;
 
     // ----------------------------------------------------------- Constructors
 
@@ -1690,6 +1691,8 @@
         //inputBuffer.addFilter(new GzipInputFilter());
         outputBuffer.addFilter(new GzipOutputFilter());
 
+        pluggableFilterIndex = inputBuffer.filterLibrary.length;
+
     }
 
 
@@ -1708,7 +1711,7 @@
                 (inputFilters[Constants.CHUNKED_FILTER]);
             contentDelimitation = true;
         } else {
-            for (int i = 2; i < inputFilters.length; i++) {
+            for (int i = pluggableFilterIndex; i < inputFilters.length; i++) {
                 if (inputFilters[i].getEncodingName()
                     .toString().equals(encodingName)) {
                     inputBuffer.addActiveFilter(inputFilters[i]);
--- connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java.orig	2010-07-13 17:19:23.308522000 -0400
+++ connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java	2010-07-13 17:26:40.443290000 -0400
@@ -79,6 +79,7 @@
         StringManager.getManager(Constants.Package);
 
 
+    private int pluggableFilterIndex = Integer.MAX_VALUE;
     // ----------------------------------------------------------- Constructors
 
 
@@ -1655,6 +1656,8 @@
         //inputBuffer.addFilter(new GzipInputFilter());
         outputBuffer.addFilter(new GzipOutputFilter());
 
+        pluggableFilterIndex = inputBuffer.filterLibrary.length;
+
     }
 
 
@@ -1673,7 +1676,7 @@
                 (inputFilters[Constants.CHUNKED_FILTER]);
             contentDelimitation = true;
         } else {
-            for (int i = 2; i < inputFilters.length; i++) {
+            for (int i = pluggableFilterIndex; i < inputFilters.length; i++) {
                 if (inputFilters[i].getEncodingName()
                     .toString().equals(encodingName)) {
                     inputBuffer.addActiveFilter(inputFilters[i]);
--- connectors/http11/src/java/org/apache/coyote/http11/filters/BufferedInputFilter.java.orig	2010-07-13 17:19:46.249482000 -0400
+++ connectors/http11/src/java/org/apache/coyote/http11/filters/BufferedInputFilter.java	2010-07-13 17:29:52.838092000 -0400
@@ -102,11 +102,14 @@
     }
 
     public void recycle() {
+       if(buffered != null)
+       {
         if (buffered.getBuffer().length > 65536) {
             buffered = null;
         } else {
             buffered.recycle();
         }
+       }
         tempRead.recycle();
         hasRead = false;
         buffer = null;
--- container/webapps/docs/changelog.xml.orig	2010-07-13 17:20:36.905938000 -0400
+++ container/webapps/docs/changelog.xml	2010-07-13 17:31:16.260366000 -0400
@@ -361,6 +361,8 @@
   </subsection>
   <subsection name="Coyote" >
     <changelog>
+      <fix>Arrange filter logic (jfclere) CVE-2010-2227
+      </fix>
       <fix>
         <bug>37869</bug>: Correctly extract client certificates, including the
         full certificate chain when using the APR/native HTTP connector. (markt)