[seam-issues] [JBoss JIRA] (JBSEAM-5128) CLONE - Add session['class'] to EL blacklist

Marek Novotny (JIRA) jira-events at lists.jboss.org
Thu Oct 10 06:47:02 EDT 2013


     [ https://issues.jboss.org/browse/JBSEAM-5128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marek Novotny moved WFK2-204 to JBSEAM-5128:
--------------------------------------------

              Project: Seam 2  (was: JBoss WFK 2)
                  Key: JBSEAM-5128  (was: WFK2-204)
           Issue Type: Task  (was: Bug)
             Workflow: GIT Pull Request workflow   (was: CDW v1)
    Affects Version/s: 2.3.1.Final
                       2.3.0.Final
                           (was: 2.3.0.GA)
          Component/s: EL
                           (was: Seam 2)
             Security:     (was: JBoss Internal)
       Target Release:   (was: 2.4.0.GA)

    
> CLONE - Add session['class'] to EL blacklist
> --------------------------------------------
>
>                 Key: JBSEAM-5128
>                 URL: https://issues.jboss.org/browse/JBSEAM-5128
>             Project: Seam 2
>          Issue Type: Task
>          Components: EL
>    Affects Versions: 2.3.1.Final, 2.3.0.Final
>            Reporter: David Jorm
>            Assignee: Marek Novotny
>            Priority: Critical
>
> As a hardening measure, add session['class'] to EL blacklist to protect against EL remote code execution attacks.
