[ https://issues.apache.org/jira/browse/SLING-9768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Radu Cotescu resolved SLING-9768.
---------------------------------
    Fix Version/s: Scripting HTL Testing Content 1.0.22-1.4.0
                   Scripting HTL Testing 1.0.24-1.4.0
       Resolution: Fixed

Implemented changes in:
* [commit 714cc2d|https://github.com/apache/sling-org-apache-sling-scripting-core/commit/714cc2d]
* [commit f34a9b3|https://github.com/apache/sling-org-apache-sling-scripting-sightly/commit/f34a9b3]
* [commit 33c3f8f|https://github.com/apache/sling-org-apache-sling-scripting-sightly-testing-content/commit/33c3f8f]
* [commit 804f280|https://github.com/apache/sling-org-apache-sling-scripting-sightly-testing/commit/804f280]

> The org.apache.sling.api.scripting.SlingScript#getScriptResource 
> implementations should not leak the scripting resolver
> -----------------------------------------------------------------------------------------------------------------------
>
>                 Key: SLING-9768
>                 URL: https://issues.apache.org/jira/browse/SLING-9768
>             Project: Sling
>          Issue Type: Bug
>          Components: Scripting
>    Affects Versions: Scripting Core 2.3.0, Scripting HTL Engine 1.4.2-1.4.0
>            Reporter: Radu Cotescu
>            Assignee: Radu Cotescu
>            Priority: Major
>             Fix For: Scripting Core 2.3.4, Scripting HTL Engine 1.4.4-1.4.0, 
> Scripting HTL Testing 1.0.24-1.4.0, Scripting HTL Testing Content 1.0.22-1.4.0
>
>
> Since the {{SlingScript}} is usually made available via the {{bindings}} to 
> the currently executing script, the resolver that can be accessed via 
> {{org.apache.sling.api.scripting.SlingScript#getScriptResource}} should not 
> give elevated access to the caller. This means that either the caller is 
> responsible for the mapped resolver (by getting a mapped resolver to the 
> bundle the caller comes from via script precompilation), or the resolver 
> should be the request resolver.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
