You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@velocity.apache.org by GitBox <gi...@apache.org> on 2020/10/26 03:39:36 UTC

[GitHub] [velocity-tools] natechadwick edited a comment on pull request #9: Fixed Reflected XSS Vuln

natechadwick edited a comment on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-716284428


   This is a shared library so I can see @mkienenb point on compatibility.  They may be relying on that exception as it was documented or expected to be thrown from that API.   This is going to create a security issue for any Velocity Tools users even if we aren't using view / mvc packages but are using Velocity Tools.   If it is just an encoding issue in the error message - and that fixes the problem, why not just do that?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org