[jira] [Commented] (VELTOOLS-150) VelocityLayoutServlet allows clients to specify "layout" without performing any security checks.

[ https://issues.apache.org/jira/browse/VELTOOLS-150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16522904#comment-16522904 ] Claude Brisson commented on VELTOOLS-150: - I totally agree. At first I commite

[jira] [Commented] (VELTOOLS-150) VelocityLayoutServlet allows clients to specify "layout" without performing any security checks.

[ https://issues.apache.org/jira/browse/VELTOOLS-150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189891#comment-13189891 ] Nathan Bubna commented on VELTOOLS-150: --- Agreed on all points. >

[jira] [Commented] (VELTOOLS-150) VelocityLayoutServlet allows clients to specify "layout" without performing any security checks.

[ https://issues.apache.org/jira/browse/VELTOOLS-150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189838#comment-13189838 ] Christopher Schultz commented on VELTOOLS-150: -- Sure, I can do a simple fix

[jira] [Commented] (VELTOOLS-150) VelocityLayoutServlet allows clients to specify "layout" without performing any security checks.

[ https://issues.apache.org/jira/browse/VELTOOLS-150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189234#comment-13189234 ] Nathan Bubna commented on VELTOOLS-150: --- Ok, while this still feels like something

[jira] [Commented] (VELTOOLS-150) VelocityLayoutServlet allows clients to specify "layout" without performing any security checks.

[ https://issues.apache.org/jira/browse/VELTOOLS-150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13182702#comment-13182702 ] Christopher Schultz commented on VELTOOLS-150: -- I see us having several opt