[wildfly-dev] Calling attention to two security bugs in WildFly
arjan tijms
arjan.tijms at gmail.com
Tue May 5 19:21:15 EDT 2015
Hi,
A while back I reported https://issues.jboss.org/browse/SECURITY-746 and
https://issues.jboss.org/browse/SECURITY-876
746 has been open for a long time, while 876 is relatively new.
Both concern propagation of the authenticated identity from Servlet to EJB,
something which unfortunately has seen bugs in some form or the other for
several years now.
Would really be great if this can be fixed. I provided a possible
workaround for 876, and a reproducer test for both issues. If needed I can
help more.
Kind regards,
Arjan Tijms