[ https://issues.apache.org/jira/browse/KARAF-4993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15924310#comment-15924310 ]
ASF subversion and git services commented on KARAF-4993: -------------------------------------------------------- Commit cfa213ad680ded70b70bf0c648891a06386ef632 in karaf's branch refs/heads/master from [~ch...@die-schneider.net] [ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=cfa213a ] [KARAF-4993] Remove alias property to fix security issue > Unsecured access to gogo console over web > ----------------------------------------- > > Key: KARAF-4993 > URL: https://issues.apache.org/jira/browse/KARAF-4993 > Project: Karaf > Issue Type: Bug > Components: karaf-webconsole > Affects Versions: 4.1.0, 3.0.8, 4.0.8 > Reporter: Christian Schneider > Priority: Blocker > Fix For: 3.0.9, 4.0.9, 4.1.1 > > > Start plain karaf 4.1.0 > feature:install webconsole http-whiteboard > Acess http://localhost:8181/gogo/ > Unsecured access to the gogo console > If I use http://localhost:8181/gogo > NPE http://apaste.info/wQTBD > So it seems like the http whiteboard extender picks up the gogo webconsole > plugin. > Thanks to Kevin Schmidt for finding this issue. -- This message was sent by Atlassian JIRA (v6.3.15#6346)