[jira] Commented: (TAP5-815) Asset dispatcher allows any file inside the webapp visible and downloadable

Christian Riedel (JIRA) Thu, 05 Nov 2009 11:33:04 -0800

    [ 
https://issues.apache.org/jira/browse/TAP5-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12774042#action_12774042
 ]


Christian Riedel commented on TAP5-815:
---------------------------------------

@Alex: the issue definitely affects 5.0.18, too! I pointed this out in a 
discussion on the mailing list. Just have a look into the second post in the 
thread:

http://old.nabble.com/Running-Tapestry-5.0.18-on-Google-App-Engine-ts25133064s302.html




> Asset dispatcher allows any file inside the webapp visible and downloadable
> ---------------------------------------------------------------------------
>
>                 Key: TAP5-815
>                 URL: https://issues.apache.org/jira/browse/TAP5-815
>             Project: Tapestry 5
>          Issue Type: Bug
>    Affects Versions: 5.1.0.5
>            Reporter: Thiago H. de Paula Figueiredo
>            Assignee: Robert Zeigler
>            Priority: Blocker
>
> Take any asset and you have an URL like 
> domain.com/assets/ctx/f10407a6c1753e39/css/main.css. If you request 
> domain.com/assets/ctx/f10407a6c1753e39/, a list containing all the files 
> inside the webapp root is shown. It gives you the hint at downloading any 
> file you want, including anyting inside WEB-INF and assets that should be 
> protected by ResourceDigestGenerator.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (TAP5-815) Asset dispatcher allows any file inside the webapp visible and downloadable

Reply via email to