[
http://jira.magnolia-cms.com/browse/MAGNOLIA-3191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Work on MAGNOLIA-3191 started by Jan Haderka.
> The content of log files is not escaped before being rendered via log viewer
> ----------------------------------------------------------------------------
>
> Key: MAGNOLIA-3191
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3191
> Project: Magnolia
> Issue Type: Bug
> Components: admininterface
> Affects Versions: 4.1.4, 4.2.3, 4.3.1
> Reporter: Jan Haderka
> Assignee: Jan Haderka
> Priority: Critical
> Fix For: 4.2.x, 4.3.x, 4.1.x
>
>
> Currently content of the log files is assumed to be safe. This assumption is
> incorrect as the log file might include messages from content entered by
> users in search form or other input fields on the site and therefore must be
> escaped.
> While the issue impact with properly secured access to AdminCentral (protect
> access to {{.magnolia}} URI from public net) is minimal, I'm setting priority
> to critical and will push the fix into next maintenance release.
> Workaround:
> - do not use log viewer in the AdminCentral, but view the log files directly
> in the file system.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
