[jira] [Commented] (KARAF-6090) kar extract should ignore path containing .. relative path

ASF GitHub Bot (JIRA) Fri, 18 Jan 2019 02:10:47 -0800


    [ 
https://issues.apache.org/jira/browse/KARAF-6090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16746121#comment-16746121
 ]


ASF GitHub Bot commented on KARAF-6090:
---------------------------------------

coheigea commented on pull request #730: KARAF-6090 - Also check the URL 
encoded form of ".."
URL: https://github.com/apache/karaf/pull/730
 
 
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> kar extract should ignore path containing .. relative path
> ----------------------------------------------------------
>
>                 Key: KARAF-6090
>                 URL: https://issues.apache.org/jira/browse/KARAF-6090
>             Project: Karaf
>          Issue Type: Improvement
>          Components: cave, karaf
>            Reporter: Jean-Baptiste Onofré
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 4.1.8, 4.2.3, cave-4.1.2
>
>
> For security reason, kar extract (or explode in Cave deployer) should ignore 
> inner path containing {{..}} relative.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (KARAF-6090) kar extract should ignore path containing .. relative path

Reply via email to