[security-dev] Fwd: [JIRA] Resolved: (JAX_RS_SPEC-346) NewCookie needs HttpOnly
Bill Burke
bburke at redhat.com
Tue Feb 5 10:59:09 EST 2013
LOL
On 2/5/2013 10:53 AM, Anil Saldhana wrote:
> Bill, giant leap for secure Java REST services. :)
>
> On 02/05/2013 07:46 AM, Bill Burke wrote:
>> Fixed in JAx-rs 2.0
>>
>>
>> -------- Original Message --------
>> Subject: [JIRA] Resolved: (JAX_RS_SPEC-346) NewCookie needs HttpOnly
>> Date: Mon, 4 Feb 2013 20:24:53 +0000 (GMT+00:00)
>> From: Marek Potociar (JIRA) <jira-no-reply at java.net>
>> To: patriot1burke at java.net
>>
>>
>> [
>> http://java.net/jira/browse/JAX_RS_SPEC-346?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
>> ]
>>
>> Marek Potociar resolved JAX_RS_SPEC-346.
>> ----------------------------------------
>>
>> Resolution: Fixed
>>
>> Fixed on the master branch. Added {{HttpOnly}}-aware constructors and
>> {{isHttpOnly()}} getter to {{NewCookie}}.
>>
>>> NewCookie needs HttpOnly
>>> ------------------------
>>>
>>> Key: JAX_RS_SPEC-346
>>> URL: http://java.net/jira/browse/JAX_RS_SPEC-346
>>> Project: jax-rs-spec
>>> Issue Type: New Feature
>>> Components: runtime
>>> Affects Versions: 1.1
>>> Reporter: patriot1burke
>>> Assignee: Marek Potociar
>>> Fix For: 2.0-pfd, 2.0
>>>
>>>
>>> This is needed to plug up certain security holes
>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the security-dev
mailing list