Age | Commit message (Collapse) | Author | Files | Lines |
|
skipped
- SBA Pentest finds a pattern that skip security validation SBA(202209-10.2)
|
|
configurated
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with Java 17
|
|
|
|
|
|
requested IDA attributes
- The eIDAS AT-Proxy-Service uses that attribute to send the required attributes to IDA system
|
|
errorCode now
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
INFO:
SSL Client-Authentication with keys from HSM-Facade only works with
BCJSSE Provider >= 1.70 and SystemD Parameter: -Dorg.bouncycastle.jsse.client.acceptRenegotiation=true
if HTTP Server requires re-negotiation.
Hint: do not enable SSL Debugging in BCJSSE Probider, because it throws
a NullPointerException with HSM-Facade keys!!!!
|
|
|
|
|
|
factory
|
|
|
|
|
|
|
|
|
|
cve-2022-22965
|
|
setDisallowedFields
|
|
|
|
|
|
disallowed files for DataBinder
This code protects Spring Core from a "Remote Code Execution" attack (dubbed "Spring4Shell").This is a midigation for
For more details, see this post: https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/
|
|
|
|
|
|
|
|
Spring locale-resolver
|
|
Spring now
|
|
|
|
'AuthenticatedEncryptionPendingRequestIdGenerationStrategy' that allows generation of already expired tokens
|
|
|
|
|
|
|