Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 2.3.1.Final, 2.2.22.Final
Affects Version/s: None
Component/s: None
Labels:
None

Git Pull Request:
https://github.com/undertow-io/undertow/pull/1399, https://github.com/undertow-io/undertow/pull/1418
Target Release:

7.backlog.GA
CDW devel_ack:

13.8.4 "Uncovered HTTP Protocol Methods":

When HTTP methods are not enumerated within a security-constraint, the protections defined by the constraint apply to the complete set of HTTP (extension) methods. In that case, there are no uncovered HTTP methods at all request URLs for which a url-pattern of the security-constraint is a best match.

causes

UNDERTOW-2209 deny-uncovered-methods grants access to forbidden methods when default security is blank

Closed

is incorporated by

JBEAP-23166 [GSS](7.4.z) UNDERTOW-2211 <deny-uncovered-http-methods /> causes forbidden access for anonymous resources access.

Verified

WFCORE-6217 Upgrade Undertow from 2.3.0.Final to 2.3.4.Final

Closed

relates to

UNDERTOW-2211 deny-uncovered-methods regards omitted methods as covered

Resolved

UNDERTOW-2213 Revert deny-uncovered-methods fix for corner case

Closed

Assignee:: Bartosz Baranowski

Reporter:: Bartosz Baranowski

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/10/19 9:58 AM

Updated:: 2023/02/01 10:17 AM

Resolved:: 2022/12/09 7:41 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates