Maven Petals Plugin

JBI archives contain a file (/META-INF/) that would be extracted outside of the target directory

Details

  • Type: Bug
  • Status: Resolved
  • Priority: Critical
  • Resolution: Fixed
  • Affects Version/s: 3.3.0
  • Fix Version/s: 3.4.0
  • Component/s: jbi-package
  • Security Level: Public
  • Description:

    OWASP Dependency-Checker detects that JBI archives generated by the Maven Petals plugin are invalid because they contain a file (/META-INF/) that would be extracted outside of the target directory.

  • Environment:
    -

Activity

Christophe DENEUX added a comment - Fri, 26 Jul 2024 - 13:24:43 +0200

Fixed in trunk with svn#45286

Christophe DENEUX added a comment - Fri, 26 Jul 2024 - 13:04:08 +0200

Each file contained in the directory 'META-INF' is registered as an absolute entry in the ZIP file. That is forbidden; each entry must be relative to the implicit root of the ZIP file.
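
A check for the condition described in the comment above, as an added example that is not part of the original issue or of the plugin's code: it flags ZIP entry names that are absolute or that contain a parent-directory component. The entry names and archive contents are constructed samples; only the `/META-INF/` prefix comes from the issue.

```python
import io
import re
import zipfile

_DRIVE = re.compile(r"^[A-Za-z]:")


def unsafe_entry_reason(name):
    """Return why an entry name could extract outside the target directory, or None."""
    normalized = name.replace("\\", "/")
    if normalized.startswith("/"):
        return "absolute path"
    if _DRIVE.match(normalized):
        return "drive-letter path"
    if ".." in normalized.split("/"):
        return "parent-directory component"
    return None


def audit_archive(data):
    """Map each unsafe entry name in the archive bytes to the reason it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for name in archive.namelist():
            reason = unsafe_entry_reason(name)
            if reason:
                findings[name] = reason
    return findings


def build_archive(entry_names):
    """Build an in-memory ZIP with placeholder content under the given names."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in entry_names:
            # writestr() stores the name as given, so a leading "/" is kept.
            archive.writestr(name, b"<placeholder/>")
    return buffer.getvalue()


# Constructed samples: the same archive with absolute and with relative names.
BROKEN = build_archive(["/META-INF/jbi.xml", "/META-INF/MANIFEST.MF", "lib/component.jar"])
FIXED = build_archive(["META-INF/jbi.xml", "META-INF/MANIFEST.MF", "lib/component.jar"])

if __name__ == "__main__":
    print("broken:", audit_archive(BROKEN))
    print("fixed: ", audit_archive(FIXED))
```

Run against a built archive, an empty result means every entry is relative to the ZIP root.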


Dates

  • Created:
    Fri, 26 Jul 2024 - 13:02:22 +0200
    Updated:
    Fri, 26 Jul 2024 - 13:24:43 +0200
    Resolved:
    Fri, 26 Jul 2024 - 13:24:43 +0200