nett wrote:
Afternoon Thijs:
I wanted to check back and see if you contributed your fix back to the
GeoServer project?
I remembered that you had found a fix, and wanted to make sure you
were in a position to submit a patch and so forth.
--
Jody Garnett
On 14 March 2013 at 8:55:15 am, Thijs Bren
Hi list,
Sorry I didn't finish the work completely and missed these emails.
Justin, I'll try to help you with my initial work. Would be great if you
could create a pull request (I am working on other projects now) for the
newer Geoserver versions, otherwise I try to find time one of these days
lease feel free to try and give any feedback! And if I can do
anything to help it further, just let me know.
Thijs
On 13-03-13 12:02, Thijs Brentjens wrote:
> Hello Gabriel,
>
> Thanks for looking it up and pointing to the code! For the SRS parameter
> the solution you implemented see
what's going on and the XSS vulnerability exists while
> calling a gwc service I'll be glad to look deeper into it.
>
> Cheers,
> Gabriel
>
> On Mon, Mar 11, 2013 at 2:13 PM, Thijs Brentjens
> wrote:
>> re 1):
>> There is/was some discussion on XSS already,
On 11-03-13 20:17, Andrea Aime wrote:
On Mon, Mar 11, 2013 at 6:13 PM, Thijs Brentjens
mailto:li...@brentjensgeoict.nl>> wrote:
Before I get my hands dirty myself: has someone a solution available
maybe (I can't see any activity now, but you never know) or knows of
so
Hi list,
Recently a security expert took a look at an application, using
Geoserver, I have been working on. I'd like to share some results of
that test and discuss two vulnerabilities found. And I am looking for
already existing / possible solutions (before starting to develop
something myself
Environment: Geoserver 1.7.0RC3, Tomcat 6.0, Windows 2003 server SP1
Reporter: Thijs Brentjens
Assignee: Andrea Aime
Priority: Minor
When setting the SRS handling for a featureType using the configuration UI, it
is changed in a running Geoserver instance
