On Mon, Nov 6, 2023 at 7:30 AM Oliver Hanraths <[email protected]> wrote: > > Hi Ben,
Hi! > > However, if you need to mitigate immediately, you could replace > > underscore in any version with a config override: > > Yeah, I know. Even though the affected file won’t be used by the > application it would still be there and be detected by security scanners > on the server. Only if the security scanner guess the outdated file's URL. With Ben's code, the outdated one wouldn't be included in pages at all. > Or do you happen to know a way to exclude the file (from within the > Tapestry core lib) from the final war file, e. g. a Gradle task? You can create an URL rewrite rule to make requests to the old file go to the new one or write a Dispatcher or RequestFilter that return a 404 status for it. > > Thanks a lot, > Oliver -- Thiago H. de Paula Figueiredo --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
