-
Bug
-
Resolution: Fixed
-
Critical
-
2.4.6
-
None
-
-
Empty show more show less
-
Yes
-
Yes
-
Basel 62
-
8
In order to use the processed resources app, one has to enable the URI2RepositoryMapping for the resources workspace. Since 5.4 the resources workspace contains FTL and YAML files, and these are exposed to the website user over the mapping.
The new resourcing has security checks in place exactly for this reason (hardcoded in ResourcesServlet for yaml, ftl, class, java).
Please add equivalent security checks to the processed resources app.
Proposed Solution
Proposal can be found at https://wiki.magnolia-cms.com/pages/viewpage.action?pageId=125176642
Acceptance criteria
- is related to
-
MGNLRES-284 Exposed files via new resources module
- Closed