[ https://issues.apache.org/jira/browse/OAK-1633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13951066#comment-13951066 ]

Jukka Zitting commented on OAK-1633:
------------------------------------

Other things that come to mind right away are denial-of-service attacks, 
triggered by a client that would keep opening new connections but never close 
them or by another one that posts a multi-gigabyte request to cause an OOME. 
Such cases and many others that we're certain to miss would be easy to fix by 
relying on widely used and actively maintained code instead of writing 
something on our own.

> Drop custom HTTP code in oak-mk-remote
> --------------------------------------
>
>                 Key: OAK-1633
>                 URL: https://issues.apache.org/jira/browse/OAK-1633
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: mk
>            Reporter: Jukka Zitting
>            Priority: Critical
>
> The custom HTTP code in oak-mk-remote has subtle security flaws and should be 
> dropped in favor of standard servlet interfaces or something like Apache 
> HttpComponents.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
