[MGNLDAM-703] Security improvements Created: 24/Mar/17  Updated: 11/Jul/17  Resolved: 10/Apr/17

Status: Closed
Project: Magnolia DAM Module
Component/s: DAM Core
Affects Version/s: 2.2.2
Fix Version/s: None

Type: Bug Priority: Neutral
Reporter: Ondrej Chytil Assignee: Unassigned
Resolution: Not an issue Votes: 0
Labels: support
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Sprint: Kromeriz 90
Story Points: 2

 Description   

Valid findings of Frost Bank code scan:

Log Forging

Class Code
magnolia-dam-core​/info​/magnolia​/dam​/core​/download​/DamDownloadServlet​.java:284 private static final Logger log = LoggerFactory.getLogger(DamDownloadServlet.class);
magnolia-dam-core​/info​/magnolia​/dam​/core​/download​/DamDownloadServlet​.java:187 private static final Logger log = LoggerFactory.getLogger(DamDownloadServlet.class);


 Comments   
Comment by Roman Kovařík [ 10/Apr/17 ]

Closing, see related comments https://jira.magnolia-cms.com/browse/MAGNOLIA-6998?focusedCommentId=141499&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-141499

Generated at Mon Feb 12 05:02:26 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.