diff options
author | Thomas <> | 2022-03-31 13:00:02 +0200 |
---|---|---|
committer | Thomas <> | 2022-03-31 13:00:02 +0200 |
commit | 1f76d31e8e8f5a7bc6cd5694b989955ddc2ddc58 (patch) | |
tree | 5737a43e21ead7f73725711fc6642206ebec3e72 /connector | |
parent | ebc5f11b7ff0ca374818445da0a62276a91707dd (diff) | |
download | National_eIDAS_Gateway-1f76d31e8e8f5a7bc6cd5694b989955ddc2ddc58.tar.gz National_eIDAS_Gateway-1f76d31e8e8f5a7bc6cd5694b989955ddc2ddc58.tar.bz2 National_eIDAS_Gateway-1f76d31e8e8f5a7bc6cd5694b989955ddc2ddc58.zip |
feature(core): add deny-list for Spring DataBinder
This mitigates possible RCE attacked called "Spring4Shell"
Diffstat (limited to 'connector')
-rw-r--r-- | connector/src/main/resources/applicationContext.xml | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/connector/src/main/resources/applicationContext.xml b/connector/src/main/resources/applicationContext.xml index ec8e79f4..5c5e245c 100644 --- a/connector/src/main/resources/applicationContext.xml +++ b/connector/src/main/resources/applicationContext.xml @@ -28,6 +28,8 @@ <bean id="springContextClosingHandler" class="at.asitplus.eidas.specific.core.SpringContextCloseHandler" /> + <bean class="at.asitplus.eidas.specific.core.controller.DataBinderControllerAdvice" /> + <beans profile="deprecatedConfig"> <bean id="BasicMSSpecificNodeConfig" class="at.asitplus.eidas.specific.core.config.BasicConfigurationProvider"> |