[
https://issues.apache.org/jira/browse/CXF-7701?focusedWorklogId=302668&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-302668
]
ASF GitHub Bot logged work on CXF-7701:
---------------------------------------
Author: ASF GitHub Bot
Created on: 28/Aug/19 08:41
Start Date: 28/Aug/19 08:41
Worklog Time Spent: 10m
Work Description: jgallimore commented on pull request #576: Backport of
fix for CXF-7701
URL: https://github.com/apache/cxf/pull/576
Hi CXF community! This is a backport of the fix for CXF-7701 to the 3.1.x
branch which is being used by some of our maintenance branches on Apache TomEE.
Could this be considered for 3.1.x? Many thanks.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 302668)
Remaining Estimate: 0h
Time Spent: 10m
> Encode JAX-RS Search query values for the LdapQueryVisitor
> ----------------------------------------------------------
>
> Key: CXF-7701
> URL: https://issues.apache.org/jira/browse/CXF-7701
> Project: CXF
> Issue Type: Improvement
> Affects Versions: 3.2.4
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: 3.2.5
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> When using JAX-RS search with the LdapQueryVisitor, we don't encode the query
> value by default. This means that an LDAP injection attack is possible. By
> default we should encode query values (and make it configurable if the user
> wants to support searching using wildcards for example).
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
