On Mon, Nov 6, 2023 at 7:30 AM Oliver Hanraths
<oliver.hanra...@gallerysystems.com.invalid> wrote:
>
> Hi Ben,

Hi!

> > However, if you need to mitigate immediately, you could replace
> > underscore in any version with a config override:
>
> Yeah, I know. Even though the affected file won’t be used by the
> application it would still be there and be detected by security scanners
> on the server.

Only if the security scanner guesses the outdated file's URL. With Ben's
code, the outdated one wouldn't be included in pages at all.

> Or do you happen to know a way to exclude the file (from within the
> Tapestry core lib) from the final war file, e. g. a Gradle task?

You can create a URL rewrite rule to make requests to the old file go
to the new one or write a Dispatcher or RequestFilter that returns a
404 status for it.

>
> Thanks a lot,
> Oliver



-- 
Thiago H. de Paula Figueiredo
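
The RequestFilter option mentioned in the reply above, sketched as an added example that is not part of the original message or of Tapestry itself. It assumes the Tapestry 5.7+ package layout (`org.apache.tapestry5.http.services`, `org.apache.tapestry5.commons`); the class names, the filter id and the `PLACEHOLDER` file name are hypothetical and must be adapted to the actual outdated file.

```java
import java.io.IOException;
import java.util.Locale;

import org.apache.tapestry5.commons.OrderedConfiguration;
import org.apache.tapestry5.http.services.Request;
import org.apache.tapestry5.http.services.RequestFilter;
import org.apache.tapestry5.http.services.RequestHandler;
import org.apache.tapestry5.http.services.Response;
import org.apache.tapestry5.ioc.annotations.Contribute;

/** Answers 404 for the outdated bundled script instead of serving it. */
class BlockOutdatedAssetFilter implements RequestFilter {

    // Placeholder: replace with the file name of the outdated script as it
    // appears at the end of its asset URL in your deployment.
    static final String BLOCKED_SUFFIX = "/PLACEHOLDER-outdated-underscore.js";

    /** True when the request path ends with the blocked file name. */
    static boolean isBlocked(String path) {
        if (path == null) return false;
        // Drop path parameters (";...") in case the container leaves them in
        // the path, then compare case-insensitively.
        int semi = path.indexOf(';');
        String clean = (semi >= 0 ? path.substring(0, semi) : path).toLowerCase(Locale.ROOT);
        return clean.endsWith(BLOCKED_SUFFIX.toLowerCase(Locale.ROOT));
    }

    @Override
    public boolean service(Request request, Response response, RequestHandler handler)
            throws IOException {
        if (isBlocked(request.getPath())) {
            response.sendError(404, "Not Found");
            return true; // request handled, nothing further in the pipeline runs
        }
        return handler.service(request, response); // everything else passes through
    }
}

/** Hypothetical module; in a real application add the method to the existing AppModule. */
class AppModule {
    @Contribute(RequestHandler.class)
    public static void blockOutdatedAsset(OrderedConfiguration<RequestFilter> configuration) {
        // "before:*" orders this filter ahead of the other request filters.
        configuration.add("BlockOutdatedAsset", new BlockOutdatedAssetFilter(), "before:*");
    }
}
```

The match is on the end of the path, an assumption made so the rule does not depend on any prefix the asset URL may carry; requesting the old file's URL after deployment and confirming a 404 verifies the rule took effect.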
