[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2023-08-23 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17758153#comment-17758153 ] Richard N. Hillegas commented on DERBY-7147: This issue has been assigned CVE-2022-46337. The

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-12-08 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645003#comment-17645003 ] Richard N. Hillegas commented on DERBY-7147: I'm done with the work I plan to do on this

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-12-07 ASF subversion and git services (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17644419#comment-17644419 ] ASF subversion and git services commented on DERBY-7147: Commit 1905843 from

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-12-07 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17644418#comment-17644418 ] Richard N. Hillegas commented on DERBY-7147: Attaching

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-12-07 ASF subversion and git services (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17644408#comment-17644408 ] ASF subversion and git services commented on DERBY-7147: Commit 1905842 from

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-12-06 ASF subversion and git services (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17643970#comment-17643970 ] ASF subversion and git services commented on DERBY-7147: Commit 1905800 from

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-12-04 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17643043#comment-17643043 ] Richard N. Hillegas commented on DERBY-7147: I think that the LDAP provider should take

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-12-03 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17642921#comment-17642921 ] Bryan Pendleton commented on DERBY-7147: Perhaps we can proceed with what we have now, and in a

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-12-03 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17642879#comment-17642879 ] Bryan Pendleton commented on DERBY-7147: Actually, I think I did my ldaps test incorrectly.

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-12-03 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17642863#comment-17642863 ] Richard N. Hillegas commented on DERBY-7147: Thanks for that feedback, Bryan. Attaching

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-12-03 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17642851#comment-17642851 ] Bryan Pendleton commented on DERBY-7147: Those documentation updates seem like good improvements

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-29 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17640966#comment-17640966 ] Richard N. Hillegas commented on DERBY-7147: Attaching

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-29 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17640774#comment-17640774 ] Richard N. Hillegas commented on DERBY-7147: I think that we need to update the security

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-29 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17640706#comment-17640706 ] Bryan Pendleton commented on DERBY-7147: Fine with me to make just a 10.16.2 release.  What in

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-28 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17640294#comment-17640294 ] Richard N. Hillegas commented on DERBY-7147: At a minimum, I think that we need to publish

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-28 ASF subversion and git services (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17640286#comment-17640286 ] ASF subversion and git services commented on DERBY-7147: Commit 1905586 from

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-28 ASF subversion and git services (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17640283#comment-17640283 ] ASF subversion and git services commented on DERBY-7147: Commit 1905585 from

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-27 ASF subversion and git services (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17639730#comment-17639730 ] ASF subversion and git services commented on DERBY-7147: Commit 1905560 from

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-26 ASF subversion and git services (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17639555#comment-17639555 ] ASF subversion and git services commented on DERBY-7147: Commit 1905550 from

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-26 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17639554#comment-17639554 ] Richard N. Hillegas commented on DERBY-7147: Thanks for testing the patch, Bryan. Your notes

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-26 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17639540#comment-17639540 ] Bryan Pendleton commented on DERBY-7147: Rick, a possible difference between your 'ant

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-26 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17639539#comment-17639539 ] Bryan Pendleton commented on DERBY-7147: Anyway, if it wasn't clear from the above, +1 from me to

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-26 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17639538#comment-17639538 ] Bryan Pendleton commented on DERBY-7147: Yay! I've successfully run LDAPAuthenticationTest with

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-26 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17639510#comment-17639510 ] Richard N. Hillegas commented on DERBY-7147: The ant command works for me against a sane

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-26 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17639509#comment-17639509 ] Bryan Pendleton commented on DERBY-7147: Hi Rick, sorry for these stupid questions. Do you think

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-23 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17637898#comment-17637898 ] Richard N. Hillegas commented on DERBY-7147: Attaching

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-23 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17637772#comment-17637772 ] Bryan Pendleton commented on DERBY-7147: Rick, my fairly casual read of [RFC

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-22 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17637475#comment-17637475 ] Bryan Pendleton commented on DERBY-7147: Uh-oh! Reverting your patch makes the problem go away.

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-22 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17637473#comment-17637473 ] Bryan Pendleton commented on DERBY-7147: That's a good point! I do have your patch applied. I'll

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-22 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17637466#comment-17637466 ] Richard N. Hillegas commented on DERBY-7147: Thanks for slogging through this, Bryan. Just

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-22 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17637439#comment-17637439 ] Bryan Pendleton commented on DERBY-7147: My attempts to connect to the ApacheDS server using the

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-22 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17637437#comment-17637437 ] Bryan Pendleton commented on DERBY-7147: I've been trying to verify that Derby can use the

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-21 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636981#comment-17636981 ] Bryan Pendleton commented on DERBY-7147: Here's a tiny little bit of instructions on how to run

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-21 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636980#comment-17636980 ] Bryan Pendleton commented on DERBY-7147: Archive.org finds that ancient broken link:

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-21 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636844#comment-17636844 ] Richard N. Hillegas commented on DERBY-7147: Attaching

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-21 ASF subversion and git services (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636778#comment-17636778 ] ASF subversion and git services commented on DERBY-7147: Commit 1905442 from

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-21 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636777#comment-17636777 ] Richard N. Hillegas commented on DERBY-7147: Attaching

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-20 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636344#comment-17636344 ] Bryan Pendleton commented on DERBY-7147: I can test on Linux, and possibly (if we really think

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-20 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636303#comment-17636303 ] Richard N. Hillegas commented on DERBY-7147: If you can figure out how to run a directory

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-19 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636217#comment-17636217 ] Bryan Pendleton commented on DERBY-7147: That seems like it could be a useful step forward! I

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-19 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636207#comment-17636207 ] Richard N. Hillegas commented on DERBY-7147: There are other dead links in the LDAP

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-19 Bryan Pendleton (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636172#comment-17636172 ] Bryan Pendleton commented on DERBY-7147: Can we adapt our LDAP sample instructions to the

[jira] [Commented] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

2022-11-07 Richard N. Hillegas (Jira)
[ https://issues.apache.org/jira/browse/DERBY-7147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17629837#comment-17629837 ] Richard N. Hillegas commented on DERBY-7147: As a first step toward fixing this issue, I want