james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Felix Knecht (JIRA)" <j...@apache.org>
Subject [jira] Commented: (PROTOCOLS-18) May expose internal representation by storing an externally mutable object
Date Mon, 07 Mar 2011 10:30:59 GMT

    [ https://issues.apache.org/jira/browse/PROTOCOLS-18?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13003314#comment-13003314
] 

Felix Knecht commented on PROTOCOLS-18:
---------------------------------------

Detailed problem is:

new org.apache.james.protocols.impl.AbstractSSLAwareChannelPipelineFactory(int, int, int,
ChannelGroup, String[]) may expose internal representation by storing an externally mutable
object into AbstractSSLAwareChannelPipelineFactory.enabledCipherSuites

> May expose internal representation by storing an externally mutable object
> --------------------------------------------------------------------------
>
>                 Key: PROTOCOLS-18
>                 URL: https://issues.apache.org/jira/browse/PROTOCOLS-18
>             Project: JAMES Protocols
>          Issue Type: Bug
>          Components: lmtp
>    Affects Versions: 1.2.1
>         Environment: all
>            Reporter: Felix Knecht
>            Assignee: Norman Maurer
>              Labels: security
>         Attachments: enabledCipherSuites.patch
>
>
> This might become a security problem. See also http://people.apache.org/~felixk/james/protocols/trunk/protocols-impl/findbugs.html#org.apache.james.protocols.impl.AbstractSSLAwareChannelPipelineFactory

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


Mime
View raw message