You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Freeman Yue Fang (Jira)" <ji...@apache.org> on 2021/03/18 18:55:00 UTC

[jira] [Resolved] (CXF-8437) DefaultHostnameVerifier accepts any certificate as valid which is a secure issue

     [ https://issues.apache.org/jira/browse/CXF-8437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Freeman Yue Fang resolved CXF-8437.
-----------------------------------
    Resolution: Duplicate

> DefaultHostnameVerifier   accepts any certificate as valid which is a secure issue
> ----------------------------------------------------------------------------------
>
>                 Key: CXF-8437
>                 URL: https://issues.apache.org/jira/browse/CXF-8437
>             Project: CXF
>          Issue Type: Improvement
>    Affects Versions: 3.4.2
>            Reporter: Alan Mehio
>            Assignee: Freeman Yue Fang
>            Priority: Minor
>
> The GitHub code scanning  is  flagging an error[ see|[https://github.com/apache/cxf/pull/755/checks?check_run_id=2125425364]]
>  for this security issue  [unsafe hostname verification|https://codeql.github.com/codeql-query-help/java/java-unsafe-hostname-verification/]
> from CodeQL documenation.  
> Any idea if the Github new annotation on unchanged files is helping or it is disturbing  
>   



--
This message was sent by Atlassian Jira
(v8.3.4#803005)