Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.1.3, 3.1.4, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5
-
None
Description
It was noted that the NetAccessors don't have any guard against being handed a relative URL, which is not a sensible thing for them to be trying to resolve. Further, at least one of the implemented NetAccessors can do protocol inference for scheme-less URLs, making them unsafe to use.
All applications should have an entity/resource resolver guarding URLs anyway, but we should harden the code to just prevent it from happening by the supplied implementations.
Thanks to Wild Pointer / Barak Sternberg for finding this issue.