[ https://issues.apache.org/jira/browse/TRINIDAD-866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12718596#action_12718596 ]
Kunal commented on TRINIDAD-866:
--------------------------------
I am interested in a fix for
<!--Created by Apache Trinidad (Apache MyFaces Trinidad API - 1.0.2/Apache
MyFaces Trinidad Impl - 1.0.2), skin:beach.desktop (beach)-->
but I am surprised that no one has watched or voted for this for about 1.5
years.
> Security: Trinidad reveals sensitive information about software versions in
> generated HTML comments
> ---------------------------------------------------------------------------------------------------
>
> Key: TRINIDAD-866
> URL: https://issues.apache.org/jira/browse/TRINIDAD-866
> Project: MyFaces Trinidad
> Issue Type: Bug
> Affects Versions: 1.0.2-plugins
> Environment: JBoss 4.2.0.GA_CP01 on Red Hat
> Reporter: Aleksander Adamowski
>
> In the output HTML generated by Trinidad, one can discover the following
> comments:
> <!--Created by Apache Trinidad (Apache MyFaces Trinidad API - 1.0.2/Apache
> MyFaces Trinidad Impl - 1.0.2), skin:beach.desktop (beach)-->
> Outputting this kind of information qualifies as a sensitive information leak,
> as it reveals detailed information about the software configuration of the
> application server's component and can be used by a potential attacker to his
> advantage.
> No information in the documentation was found as to whether this disclosure
> can be disabled.
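
A check a deployer could run over rendered pages, added here as an example and not part of the issue or of Trinidad's own code: it finds the banner comment quoted above, extracts the component versions and skin it discloses, and strips it from the response body. The function names and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Shape of the generator comment quoted in the issue:
# Created by Apache Trinidad (<name> - <ver>/<name> - <ver>), skin:<id> (<family>)
BANNER = re.compile(
    r"Created by Apache Trinidad\s*\((?P<components>.*?)\)\s*,\s*skin:\s*(?P<skin>\S+)",
    re.S)
COMPONENT = re.compile(r"(?P<name>.+?)\s+-\s+(?P<version>\d[\w.\-]*)$")
# A whole comment holding the banner; the lookahead keeps the match inside one comment.
BANNER_COMMENT = re.compile(
    r"<!--(?:(?!-->).)*?Created by Apache Trinidad(?:(?!-->).)*-->", re.S)


class BannerFinder(HTMLParser):
    """Collects HTML comments that carry the Trinidad generator banner."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        m = BANNER.search(data)
        if not m:
            return
        components = {}
        for part in m.group("components").split("/"):
            c = COMPONENT.match(" ".join(part.split()))  # collapse wrapped lines
            if c:
                components[c.group("name")] = c.group("version")
        self.findings.append(
            {"line": self.getpos()[0], "skin": m.group("skin"), "components": components})


def find_version_banners(html):
    """Return one finding per banner comment: line, skin id, component versions."""
    finder = BannerFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def strip_version_banners(html):
    """Remove banner comments from rendered output, leaving other comments alone."""
    return BANNER_COMMENT.sub("", html)


# Constructed sample page; the banner text is the comment quoted in the issue.
SAMPLE = """<html><body>
<!-- layout: two-column -->
<p>Hello</p>
<!--Created by Apache Trinidad (Apache MyFaces Trinidad API - 1.0.2/Apache
MyFaces Trinidad Impl - 1.0.2), skin:beach.desktop (beach)-->
</body></html>"""
```

`find_version_banners` suits a test that fails a build when rendered pages carry the banner; `strip_version_banners` is the kind of rewrite a response filter or reverse proxy would apply.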