Mercurial > dive4elements > river
diff flys-artifacts/ChangeLog @ 2098:8284c8fca840
Removed security problem when working with map infos.
flys-artifacts/trunk@3650 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Wed, 11 Jan 2012 11:54:16 +0000 |
parents | a18ec861b4a4 |
children | 925c88ecb842 |
line wrap: on
line diff
--- a/flys-artifacts/ChangeLog Wed Jan 11 11:01:36 2012 +0000 +++ b/flys-artifacts/ChangeLog Wed Jan 11 11:54:16 2012 +0000 @@ -1,3 +1,9 @@ +2012-01-11 Sascha L. Teichmann <sascha.teichmann@intevation.de> + + * src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java: + Removed XPath injection security hole. A serious one because it allowed + inspecting the conf.xml file ... with all the db passwords. + 2012-01-11 Sascha L. Teichmann <sascha.teichmann@intevation.de> * src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java,