diff flys-artifacts/ChangeLog @ 2098:8284c8fca840

Removed security problem when working with map infos. flys-artifacts/trunk@3650 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Wed, 11 Jan 2012 11:54:16 +0000
parents a18ec861b4a4
children 925c88ecb842
line wrap: on
line diff
--- a/flys-artifacts/ChangeLog	Wed Jan 11 11:01:36 2012 +0000
+++ b/flys-artifacts/ChangeLog	Wed Jan 11 11:54:16 2012 +0000
@@ -1,3 +1,9 @@
+2012-01-11	Sascha L. Teichmann	<sascha.teichmann@intevation.de>
+
+	* src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java:
+	  Removed XPath injection security hole. A serious one because it allowed
+	  inspecting the conf.xml file ... with all the db passwords.
+
 2012-01-11	Sascha L. Teichmann	<sascha.teichmann@intevation.de>
 
 	* src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java,

http://dive4elements.wald.intevation.org