[SWF-1700] CVE-2017-4971: Avoid use of SpEL parser for empty value expressions - Spring JIRA

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Complete
Affects Version/s: 2.4.4
Fix Version/s: 2.4.5, 2.5.RC1
Component/s: Core: View Selection Rendering
Labels:
None

Description

This ticket is for fixing CVE-2017-4971.

Attachments

Issue Links

is related to

SWF-1711 CVE-2017-8039: Validate data binding expression in AbstractMvcView

Resolved

Activity

People

Assignee:

Rossen Stoyanchev

Reporter:

Rossen Stoyanchev

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

31/May/17 4:19 PM

Updated:

15/Sep/17 7:54 PM

Resolved:

31/May/17 4:22 PM