- Improvement
- Resolution: Fixed
- Major
- 3.0 Final
- Sprint 7 (Kromeriz)
- 3
The content can be accessed with any extension, e.g.
http://localhost:8080/magnoliaAuthor/demo-project.zzzzzzzzzzz
or
http://localhost:8080/magnoliaAuthor/demo-project.htmlasdfsd
Due to this fact, security scans can see a source code disclosure vulnerability in images or other resources.
An out-of-the-box Magnolia installation should instead check extensions against those registered under config:/server/MIMEMappings and allow only no extension or registered extensions to be used.
To allow for backward compatibility, this behaviour should be configurable.
- is related to
  - MGNLIMG-115 Images are displayed regardless of its extension (Closed)
- relates to
  - MAGNOLIA-6626 Generated links do not have always the same format (Closed)
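
The check proposed in the description, sketched as a stand-alone Java example. This is an added illustration, not Magnolia's code: the class name, the `strict` flag and the `REGISTERED` set (a constructed stand-in for the entries under config:/server/MIMEMappings) are assumptions.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class ExtensionAllowList {
    // Constructed stand-in for the extensions registered under config:/server/MIMEMappings.
    static final Set<String> REGISTERED = Set.of("html", "css", "js", "png", "jpg");

    /**
     * strict = true:  only no extension or a registered extension is accepted.
     * strict = false: any extension is accepted (the backward-compatible setting).
     */
    static boolean isAllowed(String url, boolean strict) {
        if (!strict) {
            return true;
        }
        String path;
        try {
            path = URI.create(url).getPath();   // percent-decoded, query string excluded
        } catch (IllegalArgumentException e) {
            return false;                        // unparsable URL: reject
        }
        if (path == null) {
            return false;                        // opaque URI, no path to check
        }
        String segment = path.substring(path.lastIndexOf('/') + 1);
        int params = segment.indexOf(';');       // drop path parameters (;jsessionid=...)
        if (params >= 0) {
            segment = segment.substring(0, params);
        }
        int dot = segment.lastIndexOf('.');
        if (dot < 0) {
            return true;                         // no extension
        }
        // A trailing dot yields "", which is never registered, so it is rejected.
        String ext = segment.substring(dot + 1).toLowerCase(Locale.ROOT);
        return REGISTERED.contains(ext);
    }

    public static void main(String[] args) {
        String base = "http://localhost:8080/magnoliaAuthor/demo-project";
        for (String suffix : List.of("", ".html", ".HTML", ".zzzzzzzzzzz", ".htmlasdfsd", ".", ".html?x=a.b")) {
            String url = base + suffix;
            System.out.printf("%-70s strict=%b legacy=%b%n", url, isAllowed(url, true), isAllowed(url, false));
        }
    }
}
```

In a request filter, a `false` result would map to a 404 response so that scanners no longer receive content under arbitrary extensions.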