[
https://issues.apache.org/jira/browse/SHINDIG-1160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
chirag shah updated SHINDIG-1160:
---------------------------------
Attachment: min_flash_version.diff
I have kept the minimum flash version at 9.0.11, but it *should* be bumped up
to 9.0.246.0.
9.0.115 is vulnerable to SWF file remote code execution
> [patch] Make the flash min version configurable
> ------------------------------------------------
>
> Key: SHINDIG-1160
> URL: https://issues.apache.org/jira/browse/SHINDIG-1160
> Project: Shindig
> Issue Type: Bug
> Components: Java
> Reporter: chirag shah
> Attachments: min_flash_version.diff
>
>
> When flash security issues are uncovered, containers often bump up the
> minimum flash version to a version that's more secure.
> Currently the minimum flash version is hard coded and buried inside
> FlashTagHandler. This patch puts the min flash version inside the
> shindig.properties file.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
