[jira] [Closed] (VELTOOLS-150) VelocityLayoutServlet allows clients to specify "layout" without performing any security checks.

Michael Osipov (JIRA) Sat, 29 Sep 2018 15:07:23 -0700


     [ 
https://issues.apache.org/jira/browse/VELTOOLS-150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Michael Osipov closed VELTOOLS-150.
-----------------------------------

> VelocityLayoutServlet allows clients to specify "layout" without performing 
> any security checks.
> ------------------------------------------------------------------------------------------------
>
>                 Key: VELTOOLS-150
>                 URL: https://issues.apache.org/jira/browse/VELTOOLS-150
>             Project: Velocity Tools
>          Issue Type: Bug
>          Components: VelocityView
>    Affects Versions: 1.4, 2.0
>         Environment: Velocity 1.7, Velocity Tools 2.0.
> Confirmed also affects Velocity 1.4, Velocity Tools 1.4.
>            Reporter: Christopher Schultz
>            Assignee: Claude Brisson
>            Priority: Critical
>              Labels: security
>             Fix For: 3.0
>
>
> For reference:
> http://markmail.org/thread/43cz2dymzmxjjrq5



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org
For additional commands, e-mail: dev-h...@velocity.apache.org

[jira] [Closed] (VELTOOLS-150) VelocityLayoutServlet allows clients to specify "layout" without performing any security checks.

Reply via email to