aboutsummaryrefslogtreecommitdiff
path: root/connector
diff options
context:
space:
mode:
authorThomas <>2022-03-31 13:00:02 +0200
committerThomas <>2022-03-31 13:15:35 +0200
commit4f6e4801a171d9835a64d048b2e93f108e687fa5 (patch)
tree36896d4672b7e502f3660258edfd1adb0ecc4281 /connector
parenteb301932e03e01ff61990ba578fd55996052eab4 (diff)
downloadNational_eIDAS_Gateway-4f6e4801a171d9835a64d048b2e93f108e687fa5.tar.gz
National_eIDAS_Gateway-4f6e4801a171d9835a64d048b2e93f108e687fa5.tar.bz2
National_eIDAS_Gateway-4f6e4801a171d9835a64d048b2e93f108e687fa5.zip
feature(core): add deny-list for Spring DataBinder
This mitigates possible RCE attacked called "Spring4Shell"
Diffstat (limited to 'connector')
-rw-r--r--connector/src/main/resources/applicationContext.xml2
1 files changed, 2 insertions, 0 deletions
diff --git a/connector/src/main/resources/applicationContext.xml b/connector/src/main/resources/applicationContext.xml
index ec8e79f4..5c5e245c 100644
--- a/connector/src/main/resources/applicationContext.xml
+++ b/connector/src/main/resources/applicationContext.xml
@@ -28,6 +28,8 @@
<bean id="springContextClosingHandler"
class="at.asitplus.eidas.specific.core.SpringContextCloseHandler" />
+ <bean class="at.asitplus.eidas.specific.core.controller.DataBinderControllerAdvice" />
+
<beans profile="deprecatedConfig">
<bean id="BasicMSSpecificNodeConfig"
class="at.asitplus.eidas.specific.core.config.BasicConfigurationProvider">
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-29 04:18:31 +0000