VelocityLayoutServlet allows clients to specify "layout" without performing any security checks. ------------------------------------------------------------------------------------------------
Key: VELTOOLS-150 URL: https://issues.apache.org/jira/browse/VELTOOLS-150 Project: Velocity Tools Issue Type: Bug Components: VelocityView Affects Versions: 2.0, 1.4 Environment: Velocity 1.7, Velocity Tools 2.0. Confirmed also affects Velocity 1.4, Velocity Tools 1.4. Reporter: Christopher Schultz Priority: Critical For reference: http://markmail.org/thread/43cz2dymzmxjjrq5 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org