[
https://issues.apache.org/jira/browse/CXF-7701?focusedWorklogId=307890&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-307890
]
ASF GitHub Bot logged work on CXF-7701:
---------------------------------------
Author: ASF GitHub Bot
Created on: 06/Sep/19 14:22
Start Date: 06/Sep/19 14:22
Worklog Time Spent: 10m
Work Description: coheigea commented on pull request #576: Backport of
fix for CXF-7701
URL: https://github.com/apache/cxf/pull/576
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 307890)
Time Spent: 20m (was: 10m)
> Encode JAX-RS Search query values for the LdapQueryVisitor
> ----------------------------------------------------------
>
> Key: CXF-7701
> URL: https://issues.apache.org/jira/browse/CXF-7701
> Project: CXF
> Issue Type: Improvement
> Affects Versions: 3.2.4
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: 3.2.5
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> When using JAX-RS search with the LdapQueryVisitor, we don't encode the query
> value by default. This means that an LDAP injection attack is possible. By
> default we should encode query values (and make it configurable if the user
> wants to support searching using wildcards for example).
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
