Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.1.5.CR1, 7.1.5.GA
Affects Version/s: None
Component/s: Security
Labels:
- Verified

Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1594389
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.z.GA
Git Pull Request:
https://github.com/jbossas/redhat-picketlink/pull/61

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This was partially fixed in EAP 6.4.19, but there are other settings ( LogOutUrl, LogOutResponseLocation, etc) in the picketlink.xml that still do not allow for variable substitution.

blocks

JBEAP-15316 [GSS](7.1.z) (picketlink-bindings) The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml

Closed

is cloned by

JBEAP-15316 [GSS](7.1.z) (picketlink-bindings) The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml

Closed

JBEAP-15494 (7.2.0) (picketlink) The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml

Closed

PLINK-780 [GSS](7.1.z) The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml

Open

is incorporated by

JBEAP-15043 (7.1.z) Upgrade PicketLink from 2.5.5.SP12 to 2.5.5.SP12-redhat-2

Closed

is related to

JBEAP-13878 [GSS](7.1.z) The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml

Closed

(1 is related to)

Assignee:: Ilia Vassilev

Reporter:: Derek Horton

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2018/06/22 3:50 PM

Updated:: 2023/06/05 2:33 PM

Resolved:: 2018/09/06 11:25 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates