[
https://issues.apache.org/jira/browse/SLING-12844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler resolved SLING-12844.
--------------------------------------
Resolution: Fixed
Main:
https://github.com/apache/sling-org-apache-sling-engine/commit/944154836c79b39ce3669c7ae457046a40d425e2
2.x:
https://github.com/apache/sling-org-apache-sling-engine/commit/39f84a7b7a157174b6c1d6eddad0b2eb1d2def35
> Potential origins of violations to the RequestDispatcher include API skips
> too many on committed responses
> ----------------------------------------------------------------------------------------------------------
>
> Key: SLING-12844
> URL: https://issues.apache.org/jira/browse/SLING-12844
> Project: Sling
> Issue Type: Bug
> Components: Engine
> Affects Versions: Engine 3.0.0, Engine 2.16.4
> Reporter: Remo Liechti
> Assignee: Remo Liechti
> Priority: Major
> Fix For: Engine 3.0.2, Engine 2.16.6
>
>
> See related issue SLING-12697 that has weakened the checks for committed
> responses to not flag cases for {{sendRedirect}} and {{sendError.}}
> However, this check is not sufficient enough. In cases where the response is
> committed for other reasons than sendRedirect or sendError, violations still
> need to be flagged.
> The check needs to distinguish the cases of sendRedirect and sendError, to
> not flag a violation, but also detect committed responses for other cases,
> such as:
> * manually committed responses that are done through code, like writing
> directly to the response writer or outputstream
> * responses that get committed because the buffer if full and needs to be
> flushed
> * any others...
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
