You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by GitBox <gi...@apache.org> on 2021/08/22 07:01:06 UTC

[GitHub] [maven-scripting-plugin] rmannibucau commented on pull request #4: [MSCRIPTING-7] binding the session and servers helper in binding context

rmannibucau commented on pull request #4:
URL: https://github.com/apache/maven-scripting-plugin/pull/4#issuecomment-903223816


   @rfscholte will you also prevent using any mojo? It is the same security level. Without that this plugin is not that helping in most cases IMHO (no easy website custo/generation), no CI/CD etc...
   Worked around this lack by using exec plugin and a custom maven deceypter - it is just 100LoC but the security point is clearly not accurate for any mojo since they all have access to it and they are all - script or not - part of the build. Preventing a script not in the project is a thing but not all other cases technically speaking.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org