tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jesse Kuhnert (JIRA)" <tapestry-...@jakarta.apache.org>
Subject [jira] Created: (TAPESTRY-1175) security flaw - unprotected asset regexp paths allow access to other things
Date Tue, 05 Dec 2006 17:16:20 GMT
security flaw - unprotected asset regexp paths allow access to other things
---------------------------------------------------------------------------

                 Key: TAPESTRY-1175
                 URL: http://issues.apache.org/jira/browse/TAPESTRY-1175
             Project: Tapestry
          Issue Type: Bug
          Components: Framework
    Affects Versions: 4.1.1
         Environment: any
            Reporter: Jesse Kuhnert
         Assigned To: Jesse Kuhnert
            Priority: Blocker
             Fix For: 4.1.1


As pointed out on the dev list, the current basic strings "dojo/" and "tapestry/" aren't enough
to prevent access to other resources. (such as a class in a package like foo.tapestry.pages
) 

Investigate using the beginning of line specifier "^" or whatever else works. This definitely
needs to be fixed before 4.1.1 goes out.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org


Mime
View raw message