robotdan changed the title from "SQL files served on FusionAuth-hosted nodes" to "Schema files accessible via URL in FusionAuth" on Sep 11, 2023
Schema files accessible via URL in FusionAuth
Description
Files accessible in the class path can be resolved via URL.
This is the intended design of the MVC. No known security risks exist. But we should revisit how the MVC performs static file resolution and consider modifying it to avoid confusion.
These files are shipped anyway and publicly available.
Observed in version
1.47.0
Affects versions
TBD
Internal
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
Release Notes
Update the FusionAuth static file resolution configuration to further limit class path resolution. While no known security risks exist with the current behavior, it is not necessary.