[ https://issues.apache.org/jira/browse/VELTOOLS-150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Osipov closed VELTOOLS-150. ----------------------------------- > VelocityLayoutServlet allows clients to specify "layout" without performing > any security checks. > ------------------------------------------------------------------------------------------------ > > Key: VELTOOLS-150 > URL: https://issues.apache.org/jira/browse/VELTOOLS-150 > Project: Velocity Tools > Issue Type: Bug > Components: VelocityView > Affects Versions: 1.4, 2.0 > Environment: Velocity 1.7, Velocity Tools 2.0. > Confirmed also affects Velocity 1.4, Velocity Tools 1.4. > Reporter: Christopher Schultz > Assignee: Claude Brisson > Priority: Critical > Labels: security > Fix For: 3.0 > > > For reference: > http://markmail.org/thread/43cz2dymzmxjjrq5 -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org