Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8437

DefaultHostnameVerifier accepts any certificate as valid which is a secure issue

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • 3.4.2
    • None
    • None
    • None
    • Unknown

    Description

      The GitHub code scanning  is  flagging an error[ see|https://github.com/apache/cxf/pull/755/checks?check_run_id=2125425364]

       for this security issue  unsafe hostname verification

      from CodeQL documenation.  

      Any idea if the Github new annotation on unchanged files is helping or it is disturbing  

        

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. CXF-8415 DefaultHostnameVerifier fails with HttpCore NIO

          • Major - Major loss of function.
          • Closed

          Activity

            People

              ffang Freeman Yue Fang
              alanmehio Alan Mehio
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: