[magnolia-dev] [JIRA] Commented: (MAGNOLIA-2021) activation: security hole if you activate a new item

Grégory Joseph (JIRA) Thu, 24 Jan 2008 09:20:57 -0800

    [ 
http://jira.magnolia.info/browse/MAGNOLIA-2021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15686#action_15686
 ]


Grégory Joseph commented on MAGNOLIA-2021:
------------------------------------------

please link related issues when appropriate - please use the multiple jira IDs 
in svn commit messages when appropriate

> activation: security hole if you activate a new item
> ----------------------------------------------------
>
>                 Key: MAGNOLIA-2021
>                 URL: http://jira.magnolia.info/browse/MAGNOLIA-2021
>             Project: Magnolia
>          Issue Type: Bug
>          Components: activation
>    Affects Versions: 3.5.3
>            Reporter: Philipp Bracher
>            Assignee: Philipp Bracher
>            Priority: Blocker
>             Fix For: 3.5.4
>
>
> The url /ActivationHandler is not protected and if you activate a new item 
> the security checks are bypassed (import)
> *As from 3.5.4, the default activation URL  is .magnolia/activation - The old 
> url is supported through a VirtualURI*

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira



----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/docs/en/editor/stayupdated.html
----------------------------------------------------------------

[magnolia-dev] [JIRA] Commented: (MAGNOLIA-2021) activation: security hole if you activate a new item

Reply via email to