You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Alan Mehio (Jira)" <ji...@apache.org> on 2021/03/18 17:50:00 UTC
[jira] [Updated] (CXF-8437) DefaultHostnameVerifier accepts any
certificate as valid which is a secure issue
[ https://issues.apache.org/jira/browse/CXF-8437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alan Mehio updated CXF-8437:
----------------------------
Summary: DefaultHostnameVerifier accepts any certificate as valid which is a secure issue (was: DefaultHostnameVerifier ccepts any certificate as valid which is a secure issue)
> DefaultHostnameVerifier accepts any certificate as valid which is a secure issue
> ----------------------------------------------------------------------------------
>
> Key: CXF-8437
> URL: https://issues.apache.org/jira/browse/CXF-8437
> Project: CXF
> Issue Type: Improvement
> Affects Versions: 3.4.2
> Reporter: Alan Mehio
> Assignee: Freeman Yue Fang
> Priority: Minor
>
> The GitHub code scanning is flagging an error[ see|[https://github.com/apache/cxf/pull/755/checks?check_run_id=2125425364]]
> for this security issue [unsafe hostname verification|https://codeql.github.com/codeql-query-help/java/java-unsafe-hostname-verification/]
> from CodeQL documenation.
> Any idea if the Github new annotation on unchanged files is helping or it is disturbing
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)