[TAPESTRY-1175] security flaw - unprotected asset regexp paths allow access to other things - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 4.1.1
Fix Version/s: 4.1.1
Component/s: Framework
Labels:
None
Environment:
any

Description

As pointed out on the dev list, the current basic strings "dojo/" and "tapestry/" aren't enough to prevent access to other resources. (such as a class in a package like foo.tapestry.pages )

Investigate using the beginning of line specifier "^" or whatever else works. This definitely needs to be fixed before 4.1.1 goes out.

Attachments

Activity

People

Assignee:: Jesse Kuhnert

Reporter:: Jesse Kuhnert

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 05/Dec/06 17:15

Updated:: 06/Dec/06 23:11

Resolved:: 06/Dec/06 23:11