Colm O hEigeartaigh created CXF-7701:
----------------------------------------

             Summary: Encode JAX-RS Search query values for the LdapQueryVisitor
                 Key: CXF-7701
                 URL: https://issues.apache.org/jira/browse/CXF-7701
             Project: CXF
          Issue Type: Improvement
    Affects Versions: 3.2.4
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 3.2.5


When using JAX-RS search with the LdapQueryVisitor, we don't encode the query 
value by default. This means that an LDAP injection attack is possible. By 
default we should encode query values (and make it configurable if the user 
wants to support searching using wildcards for example).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
