[
https://issues.apache.org/jira/browse/AMQ-7339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16970200#comment-16970200
]
ASF subversion and git services commented on AMQ-7339:
------------------------------------------------------
Commit 14b05380ba8f4447056ca0255b10eccdef56f14d in activemq's branch
refs/heads/master from Jean-Baptiste Onofré
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=14b0538 ]
Merge pull request #411 from coheigea/AMQ-7339
AMQ-7339 - Fix possible XSS attack in the HttpTunnelServlet
> Fix possible XSS attack in the HttpTunnelServlet
> ------------------------------------------------
>
> Key: AMQ-7339
> URL: https://issues.apache.org/jira/browse/AMQ-7339
> Project: ActiveMQ
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: 5.16.0, 5.15.11
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> There is a potential XXS attack in the HttpTunnelServlet where we return the
> clientId header directly in an error. The fix is just to avoid sending the
> header back at all, as I didn't want to add an additional dependency to
> encode it.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
