[
https://issues.apache.org/jira/browse/DISPATCH-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15267580#comment-15267580
]
ASF subversion and git services commented on DISPATCH-303:
----------------------------------------------------------
Commit 52979637c8f9a4c6b07d704364bdba629b5a83f9 in qpid-dispatch's branch
refs/heads/master from [[email protected]]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=5297963 ]
DISPATCH-303 - Block all remote access to the "console" entity.
> Block all remote access to the "console" entity
> -----------------------------------------------
>
> Key: DISPATCH-303
> URL: https://issues.apache.org/jira/browse/DISPATCH-303
> Project: Qpid Dispatch
> Issue Type: Improvement
> Components: Container
> Reporter: Ted Ross
> Assignee: Ted Ross
> Fix For: 0.6
>
>
> The "console" entity allows Dispatch to launch a helper application to proxy
> websockets for management. This should be a configuration-only entity.
> Providing any kind of remote access (read or write) constitutes a security
> vulnerability.
> Access to this entity from the management protocol should be blocked.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
