[
https://jira.jboss.org/jira/browse/JBPM-1958?page=com.atlassian.jira.plug...
]
Alejandro Guizar commented on JBPM-1958:
----------------------------------------
This issue and its counterpart SOA-1065 are about sandboxing the jBPM scripts and action
handlers. Securing process deployment was already done by moving the upload servlet into
the webapp secure area.
I have reenabled the ProcessUploadServlet in the console SOA overlay and moved it back to
the secure area.
Security issue allows arbitrary java code to be deployed and
executed
---------------------------------------------------------------------
Key: JBPM-1958
URL:
https://jira.jboss.org/jira/browse/JBPM-1958
Project: JBoss jBPM
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Console
Affects Versions: jBPM 3.2.5.SP5
Reporter: Thomas Diesler
Assignee: Alejandro Guizar
Fix For: jBPM 3.2.x
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira