Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-15499

(7.2.0) (picketlink-bindings) The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml

    XMLWordPrintable

Details

    Description

      This was partially fixed in EAP 6.4.19, but there are other settings ( LogOutUrl, LogOutResponseLocation, etc) in the picketlink.xml that still do not allow for variable substitution.

      Attachments

        Issue Links

          Activity

            People

              rhn-support-ivassile Ilia Vassilev
              rhn-support-ivassile Ilia Vassilev
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: