[ https://issues.apache.org/jira/browse/OAK-1633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13950557#comment-13950557 ]

Dominique Pfister commented on OAK-1633:
----------------------------------------

What flaws are you talking about? As far as I know, there are 2 obvious issues 
(one with headers not being checked for embedded CR LF and one with 
allocating a byte array where the size is passed as a request parameter), but 
fixing those is trivial.

> Drop custom HTTP code in oak-mk-remote
> --------------------------------------
>
>                 Key: OAK-1633
>                 URL: https://issues.apache.org/jira/browse/OAK-1633
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: mk
>            Reporter: Jukka Zitting
>            Priority: Critical
>
> The custom HTTP code in oak-mk-remote has subtle security flaws and should be 
> dropped in favor of standard servlet interfaces or something like Apache 
> HttpComponents.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
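
The two issue classes named in the comment above (header values carrying embedded CR LF, and a byte array sized from a request parameter), shown with one possible guard for each. This is an added example, not code from oak-mk-remote or from either participant; the class name, method names and the 1 MiB cap are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

public class RequestGuards {
    // Assumed upper bound for this sketch; pick a value that fits the deployment.
    static final int MAX_BODY_BYTES = 1 << 20;

    /** Rejects a header value containing CR, LF or NUL, which could otherwise start a new header line. */
    static String checkHeaderValue(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r' || c == '\n' || c == '\0') {
                throw new IllegalArgumentException("control character in header value at index " + i);
            }
        }
        return value;
    }

    /** Reads a body of client-declared length without using that number as an allocation size. */
    static byte[] readBody(InputStream in, long declaredLength) throws IOException {
        if (declaredLength < 0 || declaredLength > MAX_BODY_BYTES) {
            throw new IOException("declared length out of range: " + declaredLength);
        }
        // The buffer grows only as bytes actually arrive, so memory tracks received data.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[8192];
        long remaining = declaredLength;
        while (remaining > 0) {
            int n = in.read(buf, 0, (int) Math.min(buf.length, remaining));
            if (n < 0) throw new IOException("body shorter than declared length");
            out.write(buf, 0, n);
            remaining -= n;
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs, not taken from the issue.
        System.out.println(checkHeaderValue("text/plain"));
        try { checkHeaderValue("x\r\nX-Injected: 1"); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        System.out.println(readBody(new ByteArrayInputStream("hello".getBytes("UTF-8")), 5).length);
        try { readBody(new ByteArrayInputStream(new byte[0]), Integer.MAX_VALUE); }
        catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```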