[ https://issues.apache.org/jira/browse/PORTLETBRIDGE-235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott O'Bryan deleted PORTLETBRIDGE-235: ---------------------------------------- > Security Vulnerability exposed via viewId related request parameters. > ---------------------------------------------------------------------- > > Key: PORTLETBRIDGE-235 > URL: https://issues.apache.org/jira/browse/PORTLETBRIDGE-235 > Project: MyFaces Portlet Bridge > Issue Type: Bug > Reporter: Ross Clewley > Assignee: Scott O'Bryan > Priority: Critical > > The Portlet Bridge has a security vulnerability in which in which the request > parameters _jsfBridgeViewId, __jpfbJSFTARGET and __jpfbJSFResTARGET are not > restricted to valid filename characters. -- This message was sent by Atlassian JIRA (v6.2#6252)