oliver  z created HTTPCORE-338:
----------------------------------

             Summary: A security test showed some "warnings"
                 Key: HTTPCORE-338
                 URL: https://issues.apache.org/jira/browse/HTTPCORE-338
             Project: HttpComponents HttpCore
          Issue Type: Bug
          Components: HttpCore
    Affects Versions: 4.2.4
            Reporter: oliver  z


I use HttpCore 4.2.4 and HttpClient 4.2.5 in a project which just got scanned
by a security framework that showed me some warnings and I would like to know
if that is a real risk or just a false positive.
ChunkedOutputStream.java 97
ChunkedOutputStream.java 109
ChunkedOutputStream.java 110
ContentLengthOutputStream.java 119

It says it should be avoided to directly embed user input in log files. 
User-supplied data should be sanitized to construct log entries and a safe 
logging mechanism should be used like OWASP ESAPI logger which automatically 
removes unexpected carriage returns and line feeds. User supplied data should 
always be validated.



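The CR/LF neutralization that the scanner's advice describes, sketched as an added example; it is not part of the original report and is not HttpCore or ESAPI code. The class name `LogSanitizer`, the length cap and the sample header value are assumptions made here for illustration.

```java
import java.util.logging.Logger;

// Added example: neutralizes line breaks and control characters before logging.
// LogSanitizer, MAX_LEN and the sample value are hypothetical, not HttpCore code.
public final class LogSanitizer {
    private static final Logger LOG = Logger.getLogger(LogSanitizer.class.getName());
    private static final int MAX_LEN = 200; // assumed cap so one value cannot flood the log

    // Returns a single-line, printable rendering of an untrusted value.
    static String forLog(String value) {
        if (value == null) {
            return "(null)";
        }
        StringBuilder sb = new StringBuilder(Math.min(value.length(), MAX_LEN) + 16);
        for (int i = 0; i < value.length() && i < MAX_LEN; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\r': sb.append("\\r"); break;
                case '\n': sb.append("\\n"); break;
                case '\t': sb.append("\\t"); break;
                case '\\': sb.append("\\\\"); break; // keep the escapes unambiguous
                default:
                    // Remaining control characters (including NEL, 0x85) and the
                    // Unicode line/paragraph separators become a hex escape.
                    if (Character.isISOControl(c) || c == '\u2028' || c == '\u2029') {
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        if (value.length() > MAX_LEN) {
            sb.append("...[truncated]");
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed input: a header value with an embedded line break
        // followed by text shaped like a second log entry.
        String header = "Mozilla/5.0\r\nINFO: user admin logged in";
        LOG.info("User-Agent (raw): " + header);               // renders as two lines
        LOG.info("User-Agent (sanitized): " + forLog(header)); // stays on one line
    }
}
```

Escaping rather than deleting the characters keeps the original bytes recoverable during an investigation while still guaranteeing one log entry per call.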