Schema files accessible via URL in FusionAuth #2462

Closed
lyleschemmerling opened this issue Sep 11, 2023 · 1 comment

lyleschemmerling commented Sep 11, 2023

Schema files accessible via URL in FusionAuth

Description

Files accessible in the class path can be resolved via URL.

This is the intended design of the MVC. No known security risks exist. But we should revisit how the MVC performs static file resolution and consider modifying it to avoid confusion.

These files are shipped anyway and publicly available.

Observed in version

1.47.0

Affects versions

TBD

Internal

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Release Notes

Update the FusionAuth static file resolution configuration to further limit class path resolution. While no known security risks exist with the current behavior, it is not necessary.

robotdan changed the title from "SQL files served on FusionAuth-hosted nodes" to "Schema files accessible via URL in FusionAuth" Sep 11, 2023
robotdan added this to the 1.48.0 milestone Sep 12, 2023
robotdan self-assigned this Sep 12, 2023
robotdan added the enhancement (New feature or request) label Sep 12, 2023
robotdan added this to Backlog in FusionAuth Issues via automation Sep 27, 2023
robotdan moved this from Backlog to Reviewer approved in FusionAuth Issues Sep 27, 2023
robotdan moved this from Reviewer approved to Code complete in FusionAuth Issues Oct 11, 2023
robotdan added the internals (Non-functional nerdy boring stuff) label and removed the enhancement (New feature or request) and security labels Oct 20, 2023
robotdan moved this from Code complete to Delivered in FusionAuth Issues Oct 30, 2023