authorThomas <>2022-03-31 13:00:02 +0200
committerThomas <>2022-03-31 13:00:02 +0200
commit1f76d31e8e8f5a7bc6cd5694b989955ddc2ddc58 (patch)
tree5737a43e21ead7f73725711fc6642206ebec3e72 /connector
parentebc5f11b7ff0ca374818445da0a62276a91707dd (diff)
feature(core): add deny-list for Spring DataBinder
This mitigates a possible RCE attack called "Spring4Shell"
Diffstat (limited to 'connector')
-rw-r--r--connector/src/main/resources/applicationContext.xml2
1 files changed, 2 insertions, 0 deletions
diff --git a/connector/src/main/resources/applicationContext.xml b/connector/src/main/resources/applicationContext.xml
index ec8e79f4..5c5e245c 100644
--- a/connector/src/main/resources/applicationContext.xml
+++ b/connector/src/main/resources/applicationContext.xml
@@ -28,6 +28,8 @@
<bean id="springContextClosingHandler"
class="at.asitplus.eidas.specific.core.SpringContextCloseHandler" />
+ <bean class="at.asitplus.eidas.specific.core.controller.DataBinderControllerAdvice" />
+
<beans profile="deprecatedConfig">
<bean id="BasicMSSpecificNodeConfig"
class="at.asitplus.eidas.specific.core.config.BasicConfigurationProvider">
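Review bot: The added `<bean class="at.asitplus.eidas.specific.core.controller.DataBinderControllerAdvice" />` line has no comment marking it as a security mitigation, so a later clean-up of applicationContext.xml could drop it as an unreferenced anonymous bean. I would put `<!-- Spring4Shell mitigation: registers the DataBinder deny-list; keep until the Spring Framework dependency is on a fixed release -->` directly above it and give the bean an `id`, as the neighbouring `springContextClosingHandler` has. The advice class itself is not part of this diff (the diffstat is limited to 'connector'), so the deny-list patterns cannot be checked here. Presumably it sets disallowed fields in an `@InitBinder` method, which is a stopgap and should be tracked alongside the framework upgrade rather than replace it. The root `<beans>` element opens and closes outside the hunk.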