Re: [security-dev] Fwd: [JIRA] Resolved: (JAX_RS_SPEC-346) NewCookie needs HttpOnly

Fixed in JAx-rs 2.0 -------- Original Message -------- Subject: [JIRA] Resolved: (JAX_RS_SPEC-346) NewCookie needs HttpOnly Date: Mon, 4 Feb 2013 20:24:53 +0000 (GMT+00:00) From: Marek Potociar (JIRA) <jira-no-reply(a)java.net&gt; To: patriot1burke(a)java.net [ http://java.net/jira/browse/JAX_RS_SPEC-346?page=com.atlassian.jira.plugi... ] Marek Potociar resolved JAX_RS_SPEC-346. ---------------------------------------- Resolution: Fixed Fixed on the master branch. Added {{HttpOnly}}-aware constructors and {{isHttpOnly()}} getter to {{NewCookie}}. > NewCookie needs HttpOnly > ------------------------ > > Key: JAX_RS_SPEC-346 > URL: http://java.net/jira/browse/JAX_RS_SPEC-346 > Project: jax-rs-spec > Issue Type: New Feature > Components: runtime > Affects Versions: 1.1 > Reporter: patriot1burke > Assignee: Marek Potociar > Fix For: 2.0-pfd, 2.0 > > > This is needed to plug up certain security holes