[ https://issues.apache.org/jira/browse/SLING-9811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Norman resolved SLING-9811.
--------------------------------
    Resolution: Fixed

Fixed at: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-usermanager/commit/8cd14e7fd26b0c2372f9fd1a5bb48d58ccc55d85

> UserManager Post servlets should not allow redirects to other hosts
> -------------------------------------------------------------------
>
>                 Key: SLING-9811
>                 URL: https://issues.apache.org/jira/browse/SLING-9811
>             Project: Sling
>          Issue Type: Improvement
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: JCR Jackrabbit User Manager 2.2.12
>
>
> Through the {{:redirect}} parameter of the AbstractPostServlet arbitrary 
> redirects are possible. That should be limited so that redirects to other 
> servers are not possible.
>  
> Expected: Apply the same solution that was applied to SlingPostServlet for 
> SLING-4469



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
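
As an added illustration of the restriction the issue asks for (this is not the code from the linked commit or from SLING-4469): a Java check that accepts a `:redirect` value only when it names no scheme and no host. The class and method names are hypothetical and the sample values are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Added example, not Sling code: accept a ":redirect" value only if it stays on this server. */
public class RedirectTargetCheck {

    /** Returns true when the target is a path-only reference with no scheme or authority. */
    static boolean isLocalRedirect(String target) {
        if (target == null || target.isEmpty() || target.startsWith("//")) {
            return false; // a leading "//" is a network-path reference to another host
        }
        // Browsers normalise '\' to '/' and drop control characters, so such values
        // can turn into "//host" after this check; refuse them before parsing.
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        final URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false; // unparseable values are never used as a Location header
        }
        // Any scheme ("https:") or authority ("//host") points away from this server.
        return uri.getScheme() == null && uri.getRawAuthority() == null;
    }

    public static void main(String[] args) {
        // Constructed sample values for the ":redirect" parameter.
        String[] samples = {
            "/system/userManager/user/alice.html",
            "../group.html",
            "https://other.example/landing",
            "//other.example/landing",
            "/\\other.example/landing",
        };
        for (String s : samples) {
            System.out.println((isLocalRedirect(s) ? "allow   " : "reject  ") + s);
        }
    }
}
```

A servlet using such a check would answer a rejected value with an error status instead of sending the redirect.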
