[jira] [Updated] (JCR-5135) Make JNDI support opt-in

Manfred Baedke (Jira) Thu, 03 Apr 2025 06:34:06 -0700


     [ 
https://issues.apache.org/jira/browse/JCR-5135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Manfred Baedke updated JCR-5135:
--------------------------------
    Fix Version/s: 2.22.1
                       (was: 2.24)

> Make JNDI support opt-in
> ------------------------
>
>                 Key: JCR-5135
>                 URL: https://issues.apache.org/jira/browse/JCR-5135
>             Project: Jackrabbit Content Repository
>          Issue Type: Task
>          Components: jackrabbit-jcr-commons
>            Reporter: Julian Reschke
>            Assignee: Manfred Baedke
>            Priority: Major
>             Fix For: 2.22.1
>
>
> Support for JNDI is inherently dangerous, because it can load classes from 
> another location. Users of the method might not be aware when using it and 
> just pass parameter values without
> sanitization. It would probably also be good to add a warning to the method 
> and state that parameters should come from configuration and not passed in 
> from an end user.
> (ack [~mreutegg] )



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (JCR-5135) Make JNDI support opt-in

Reply via email to