You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by "Jesse Kuhnert (JIRA)" <ta...@jakarta.apache.org> on 2006/12/07 00:12:21 UTC
[jira] Resolved: (TAPESTRY-1175) security flaw - unprotected asset
regexp paths allow access to other things
[ http://issues.apache.org/jira/browse/TAPESTRY-1175?page=all ]
Jesse Kuhnert resolved TAPESTRY-1175.
-------------------------------------
Resolution: Fixed
Fixed via suggestion of "^" begin of line regexp.
> security flaw - unprotected asset regexp paths allow access to other things
> ---------------------------------------------------------------------------
>
> Key: TAPESTRY-1175
> URL: http://issues.apache.org/jira/browse/TAPESTRY-1175
> Project: Tapestry
> Issue Type: Bug
> Components: Framework
> Affects Versions: 4.1.1
> Environment: any
> Reporter: Jesse Kuhnert
> Assigned To: Jesse Kuhnert
> Priority: Blocker
> Fix For: 4.1.1
>
>
> As pointed out on the dev list, the current basic strings "dojo/" and "tapestry/" aren't enough to prevent access to other resources. (such as a class in a package like foo.tapestry.pages )
> Investigate using the beginning of line specifier "^" or whatever else works. This definitely needs to be fixed before 4.1.1 goes out.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org