[jira] [Commented] (KARAF-6090) kar extract should ignore path containing .. relative path

ASF subversion and git services (JIRA) Fri, 18 Jan 2019 05:56:10 -0800


    [ 
https://issues.apache.org/jira/browse/KARAF-6090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16746307#comment-16746307
 ]


ASF subversion and git services commented on KARAF-6090:
--------------------------------------------------------

Commit b833eab2bc65cf100ddd49b34311be330b350550 in karaf's branch 
refs/heads/master from Jean-Baptiste Onofré
[ https://gitbox.apache.org/repos/asf?p=karaf.git;h=b833eab ]

Merge pull request #730 from coheigea/KARAF-6090

[KARAF-6090] Also check the URL encoded form of ".."

> kar extract should ignore path containing .. relative path
> ----------------------------------------------------------
>
>                 Key: KARAF-6090
>                 URL: https://issues.apache.org/jira/browse/KARAF-6090
>             Project: Karaf
>          Issue Type: Improvement
>          Components: cave, karaf
>            Reporter: Jean-Baptiste Onofré
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 4.1.8, 4.2.3, cave-4.1.2
>
>
> For security reason, kar extract (or explode in Cave deployer) should ignore 
> inner path containing {{..}} relative.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (KARAF-6090) kar extract should ignore path containing .. relative path

Reply via email to