[MRM-1438] [CVE-2010-3449]

author Maria Odea B. Ching <oching@apache.org>

Wed, 24 Nov 2010 08:16:46 +0000 (08:16 +0000)

committer Maria Odea B. Ching <oching@apache.org>

Wed, 24 Nov 2010 08:16:46 +0000 (08:16 +0000)
author Maria Odea B. Ching <oching@apache.org>
Wed, 24 Nov 2010 08:16:46 +0000 (08:16 +0000)
committer Maria Odea B. Ching <oching@apache.org>
Wed, 24 Nov 2010 08:16:46 +0000 (08:16 +0000)
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml

index 13884333594be782554050018dc9c1ff599f99ff..1760450a5fa983105891e9fd0b3c48a81922189a 100644 (file)
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
@@ -41,7 +41,9 @@
          <interceptor-ref name="paramFilter">
            <param name="blocked">externalResult</param>
          </interceptor-ref>
-        <interceptor-ref name="redbackSecureActions"/>
+        <interceptor-ref name="redbackSecureActions">
+          <param name="enableReferrerCheck">true</param>
+        </interceptor-ref>
          <interceptor-ref name="redbackPolicyEnforcement"/>
          <interceptor-ref name="configuration"/>
          <interceptor-ref name="validation">
@@ -57,7 +59,9 @@
          <interceptor-ref name="redbackAutoLogin"/>
          <interceptor-ref name="defaultStack"/>
          <interceptor-ref name="redbackPolicyEnforcement"/>
-        <interceptor-ref name="redbackSecureActions"/>
+        <interceptor-ref name="redbackSecureActions">
+          <param name="enableReferrerCheck">true</param>
+        </interceptor-ref>
          <interceptor-ref name="validation">
            <param name="excludeMethods">input,back,cancel,browse</param>
          </interceptor-ref>
diff --git a/pom.xml b/pom.xml

index 2203e00fb151b7c243c472ea1352c77a4aabce17..38ec5aef7b6d9e37360a7db1b0e6a3317944d35d 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -1102,7 +1102,7 @@
    <properties>
      <maven.version>2.0.8</maven.version>
      <wagon.version>1.0-beta-5</wagon.version>
-    <redback.version>1.3-SNAPSHOT</redback.version>
+    <redback.version>1.2.4</redback.version>
      <jetty.version>6.1.19</jetty.version>
      <slf4j.version>1.5.8</slf4j.version>
      <binder.version>0.9</binder.version>
author	Maria Odea B. Ching <oching@apache.org>
	Wed, 24 Nov 2010 08:16:46 +0000 (08:16 +0000)
committer	Maria Odea B. Ching <oching@apache.org>
	Wed, 24 Nov 2010 08:16:46 +0000 (08:16 +0000)
archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml		patch \| blob \| history
pom.xml		patch \| blob \| history