-
Type:
Information
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 4.2.4
-
Fix Version/s: None
-
Component/s: Alfresco Explorer
-
Labels:None
-
Bug Priority:
Category 2
-
ACT Numbers:
00431650
customer is affected by ALF-20726 that is not going to be fixed as Explorer is being deprecated.
I proposed to disable Explorer commenting out in alfresco web.xml the lines:
<servlet-mapping> <servlet-name>Faces Servlet</servlet-name> <url-pattern>/faces/*</url-pattern> </servlet-mapping>
This satisfies the customer only partially as
1) the login page still appears
2) his static code analyser still fires on those JSP files.
Could Engineering confirm how one could remove Explorer code.
Would searching in the alfresco.war for all files ending with '.jsp' and removing them do the job?
Or would that be too brutal and possibly break something else?
Please advise what the recommended stronger method would be.
Kind regards
Alex Madon
- relates to
-
ALF-20726 Possible XSS Vulnerability
-
- Closed
-