Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 2.2.23.Final, 2.3.4.Final
Affects Version/s: 2.3.4.Final
Component/s: None
Labels:
None

Git Pull Request:
https://github.com/undertow-io/undertow/pull/1433, https://github.com/undertow-io/undertow/pull/1440

This is causing TCK to fail. If a method is declared in http-method-omission, it is uncovered by the security-constraint. If no other security constraint covers the method, it must be treated as uncovered.

Also, add a test for deny uncovered methods. It should include the scenarios fixed by ~~UNDERTOW-2188~~ and ~~UNDERTOW-2209~~

blocks

JBEAP-24220 [GSS](7.4.z) Upgrade JBoss Metadata from 13.0.0.Final-redhat-00001 to 13.4.0.Final-redhat-00001

Closed

is related to

UNDERTOW-2209 deny-uncovered-methods grants access to forbidden methods when default security is blank

Closed

UNDERTOW-2188 Adjust corner case of covered methods if no methods are present

Closed

relates to

UNDERTOW-2213 Revert deny-uncovered-methods fix for corner case

Closed

Assignee:: Flavia Rainone

Reporter:: Flavia Rainone

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2022/12/14 7:19 AM

Updated:: 2023/02/14 5:31 AM

Resolved:: 2023/02/06 5:20 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates