[security-dev] Fwd: [JIRA] Resolved: (JAX_RS_SPEC-346) NewCookie needs HttpOnly

Anil Saldhana Anil.Saldhana at redhat.com
Tue Feb 5 10:53:30 EST 2013


Bill,  giant leap for secure Java REST services. :)

On 02/05/2013 07:46 AM, Bill Burke wrote:
> Fixed in JAx-rs 2.0
>
>
> -------- Original Message --------
> Subject: [JIRA] Resolved: (JAX_RS_SPEC-346) NewCookie needs HttpOnly
> Date: Mon, 4 Feb 2013 20:24:53 +0000 (GMT+00:00)
> From: Marek Potociar (JIRA) <jira-no-reply at java.net>
> To: patriot1burke at java.net
>
>
>        [
> http://java.net/jira/browse/JAX_RS_SPEC-346?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
> ]
>
> Marek Potociar resolved JAX_RS_SPEC-346.
> ----------------------------------------
>
>       Resolution: Fixed
>
> Fixed on the master branch. Added {{HttpOnly}}-aware constructors and
> {{isHttpOnly()}} getter to {{NewCookie}}.
>
>> NewCookie needs HttpOnly
>> ------------------------
>>
>>                  Key: JAX_RS_SPEC-346
>>                  URL: http://java.net/jira/browse/JAX_RS_SPEC-346
>>              Project: jax-rs-spec
>>           Issue Type: New Feature
>>           Components: runtime
>>     Affects Versions: 1.1
>>             Reporter: patriot1burke
>>             Assignee: Marek Potociar
>>              Fix For: 2.0-pfd, 2.0
>>
>>
>> This is needed to plug up certain security holes



More information about the security-dev mailing list