Re: [jira] Closed: (TAP5-815) Asset dispatcher allows any file inside the webapp visible and downloadable

Fri, 11 Dec 2009 16:16:14 -0800 

5.0.19 should be fine.
Turns out, there are still some tweaks needed for 5.1.0.6 and 5.2.0, but those are all related to the proper protection of WEB-INF and META- INF along with the proper opening (by default) of the remaining static context assets. 5.0.19 doesn't serve context assets through AssetDispatcher, so it doesn't have these same issues. 

Robert

On Dec 10, 2009, at 12/106:27 PM , Andreas Andreou wrote:


great to see this closed!

afaik, there's no other 'promised' pending issue for 5.0.19, right?

If that's true and everyone agrees, we can go on with that release  
first!



On Fri, Dec 11, 2009 at 1:50 AM, Robert Zeigler (JIRA) <[email protected] 
> wrote:



    [ https://issues.apache.org/jira/browse/TAP5-815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel 
 ]


Robert Zeigler closed TAP5-815.
-------------------------------

      Resolution: Fixed
   Fix Version/s: 5.0.19
                  5.1.0.6
                  5.2.0


Asset dispatcher allows any file inside the webapp visible and  
downloadable

---------------------------------------------------------------------------

                Key: TAP5-815
                URL: https://issues.apache.org/jira/browse/TAP5-815
            Project: Tapestry 5
         Issue Type: Bug
   Affects Versions: 5.1.0.5
           Reporter: Thiago H. de Paula Figueiredo
           Assignee: Robert Zeigler
           Priority: Blocker
            Fix For: 5.2.0, 5.1.0.6, 5.0.19



Take any asset and you have an URL like domain.com/assets/ctx/ 
f10407a6c1753e39/css/main.css. If you request domain.com/assets/ 
ctx/f10407a6c1753e39/, a list containing all the files inside the  
webapp root is shown. It gives you the hint at downloading any  
file you want, including anyting inside WEB-INF and assets that  
should be protected by ResourceDigestGenerator.


--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.






--
Andreas Andreou - [email protected] - http://blog.andyhot.gr
Tapestry / Tacos developer
Open Source / JEE Consulting

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]























					Reply via email to