[JBEAP-26657] CVE-2024-1233 eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.4.z] #2124
Thanks @ivassile!
@ivassile Does it occur in 2.x also? I'm wondering if the problem is connected to the htmlunit dependency and they have the same version in both branches
@ivassile Can you please rebase? Thanks!
token validation to make sure it exactly matches a value from a configured list of allowed values
Issue: https://issues.redhat.com/browse/JBEAP-26657
Upstream issue: https://issues.redhat.com/browse/JBEAP-26556
Upstream PR: https://github.com/jbossas/wildfly-elytron/pull/14