[jira] [Resolved] (CXF-7701) Encode JAX-RS Search query values for the LdapQueryVisitor

Colm O hEigeartaigh (JIRA) Thu, 05 Apr 2018 05:58:22 -0700

     [ 
https://issues.apache.org/jira/browse/CXF-7701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Colm O hEigeartaigh resolved CXF-7701.
--------------------------------------
    Resolution: Fixed

> Encode JAX-RS Search query values for the LdapQueryVisitor
> ----------------------------------------------------------
>
>                 Key: CXF-7701
>                 URL: https://issues.apache.org/jira/browse/CXF-7701
>             Project: CXF
>          Issue Type: Improvement
>    Affects Versions: 3.2.4
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 3.2.5
>
>
> When using JAX-RS search with the LdapQueryVisitor, we don't encode the query 
> value by default. This means that an LDAP injection attack is possible. By 
> default we should encode query values (and make it configurable if the user 
> wants to support searching using wildcards for example).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (CXF-7701) Encode JAX-RS Search query values for the LdapQueryVisitor

Reply via email to