date:20161223

Re: Reg vulnerability for Server State saving

2016-12-23 Thread Thomas Andraschko

Hi, i don't think there is any other way to configure it but you can still check the sources: http://svn.apache.org/viewvc/myfaces/core/branches/1.1.x/ Regards, Thomas 2016-12-23 11:21 GMT+01:00 karthik kn : > Hi All, > Any thoughts on the below ? > > On Wed, Dec 21, 2016

Re: Reg vulnerability for Server State saving

2016-12-23 Thread karthik kn

Hi All, Any thoughts on the below ? On Wed, Dec 21, 2016 at 10:22 AM, karthik kn wrote: > Hi, > If i use a new key in web.xml as SECRET, it could be still exposed to the > Administrator on accessing the system. > > Wont this cause a vulnerability ? Is there any other