[GERONIMO-4266] Upgrade to DWR 2.0.5 for XSS security fix - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2
Fix Version/s: 2.1.3, 2.2
Component/s: dependencies
Security Level: public (Regular issues)
Labels:
None

Description

Need to upgrade to DWR 2.0.5 for the following fix -

------------------------------------------------------------------------
r2077 | joe | 2008-06-22 09:28:22 -0400 (Sun, 22 Jun 2008) | 7 lines

Fix for XSS issue in ExceptionHandler:

PartialResponse.fromOrdinal() throws a NumberFormatException trying to
parse the 'partialResponse' parameter. This exception is never caught,
prompting UrlProcessor to invoke DWR's default ExceptionHandler class,
which calls out.println(cause.getMessage()), thereby causing the XSS.

------------------------------------------------------------------------

Attachments

Activity

People

Assignee:: Donald Woods

Reporter:: Donald Woods

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 26/Aug/08 19:32

Updated:: 27/Aug/08 01:10

Resolved:: 27/Aug/08 01:10