[MGNLSTK-800] ClassCastException in STK Demo Project when retrieving paragraph through URL Created: 29/Sep/11 Updated: 04/Nov/15 Resolved: 04/Nov/15 |
|
| Status: | Closed |
| Project: | Magnolia Standard Templating Kit (closed) |
| Component/s: | None |
| Affects Version/s: | 1.4.5 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Edgar Vonk | Assignee: | Philipp Bärfuss |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Mac OS Lion, Magnolia Community 4.4.5, Tomcat Bundle |
||
| Attachments: |
|
| Template: |
|
| Acceptance criteria: |
Empty
|
| Date of First Response: |
| Description |
|
On the default Magnolia Community 4.4.5 with the STK JARs installed, when I retrieve this paragraph using the URL: I see in the logs: I am not sure if this is a bug in the STK but it seems so? If so, this can be quite harmful for existing Magnolia (STK) sites I think. It should be fairly easy to think of a DoS attack using such paragraph URLs. The log file will flood in no time I think. On a side note: I wonder if it is a good idea to 'enable' these paragraph URLs by default? Is it not wise to disable this feature by default and let people explicitly enable it? Because this bug shows it can be quite risky? I have attached the log file. |
| Comments |
| Comment by Michael Mühlebach [ 04/Nov/15 ] |
|
Given the thousands of other issues we have open that are more highly requested, we won't be able to address this issue in the foreseeable future. Instead we will focus on issues with a higher impact, and more votes. |