[
https://issues.apache.org/jira/browse/CXF-4172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Beryozkin updated CXF-4172:
----------------------------------
Description:
Default XML, JSON and Form providers using the Maps internally are open to the
hash collision attacks.
This includes JAXBElementProvider and JSONProvider (JAXB-driven),
SourceProvider, FormEncodingProvider.
was:JAXB based and Form providers using the Maps internally are open to the
hash collision attacks.
Summary: Default JAX-RS XML, JSON and Form providers are open to the
hash collision attacks (was: Default JAX-RS JAXB, JSON and Form providers are
open to the hash collision attacks)
> Default JAX-RS XML, JSON and Form providers are open to the hash collision
> attacks
> ----------------------------------------------------------------------------------
>
> Key: CXF-4172
> URL: https://issues.apache.org/jira/browse/CXF-4172
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS, JAX-RS Security
> Reporter: Sergey Beryozkin
> Assignee: Sergey Beryozkin
> Priority: Critical
> Fix For: 2.3.10, 2.4.7, 2.5.3, 2.6
>
>
> Default XML, JSON and Form providers using the Maps internally are open to
> the hash collision attacks.
> This includes JAXBElementProvider and JSONProvider (JAXB-driven),
> SourceProvider, FormEncodingProvider.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
