Mercurial > dive4elements > river

diff flys-artifacts/ChangeLog @ 2098:8284c8fca840
Removed security problem when working with map infos. flys-artifacts/trunk@3650 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author: Sascha L. Teichmann <sascha.teichmann@intevation.de>
date: Wed, 11 Jan 2012 11:54:16 +0000
parents: a18ec861b4a4
children: 925c88ecb842
--- a/flys-artifacts/ChangeLog	Wed Jan 11 11:01:36 2012 +0000
+++ b/flys-artifacts/ChangeLog	Wed Jan 11 11:54:16 2012 +0000
@@ -1,3 +1,9 @@
+2012-01-11	Sascha L. Teichmann	<sascha.teichmann@intevation.de>
+
+	* src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java:
+	  Removed XPath injection security hole. A serious one because it allowed
+	  inspecting the conf.xml file ... with all the db passwords.
+
 2012-01-11	Sascha L. Teichmann	<sascha.teichmann@intevation.de>
 
 	* src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java,
author	Sascha L. Teichmann <sascha.teichmann@intevation.de>
date	Wed, 11 Jan 2012 11:54:16 +0000
parents	a18ec861b4a4
children	925c88ecb842