Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
webconsole-4.5.0
-
None
Description
If you attempt to upload an invalid bundle in BundleServlet (say a regular war file), null is returned from getSymbolicNameVersion(bundleFile). This result in a NPE and the bundleFile is not actually deleted. This could potentially allow someone to fill up the disk space of the server by repeatedly uploading large invalid war/jars.
PR: https://github.com/apache/felix-dev/pull/20
Attachments
Issue Links
- links to