From a35373663d66666d6af5bbe819c7e6bab6cf9989 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 31 Mar 2022 13:00:02 +0200
Subject: feature(core): add deny-list for Spring DataBinder

     This mitigates possible RCE attacked called "Spring4Shell"
---
 connector/src/main/resources/applicationContext.xml | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'connector')

diff --git a/connector/src/main/resources/applicationContext.xml b/connector/src/main/resources/applicationContext.xml
index ec8e79f4..5c5e245c 100644
--- a/connector/src/main/resources/applicationContext.xml
+++ b/connector/src/main/resources/applicationContext.xml
@@ -28,6 +28,8 @@
   <bean id="springContextClosingHandler"
         class="at.asitplus.eidas.specific.core.SpringContextCloseHandler" />
 
+  <bean class="at.asitplus.eidas.specific.core.controller.DataBinderControllerAdvice" />
+
   <beans profile="deprecatedConfig">
   <bean id="BasicMSSpecificNodeConfig"
     class="at.asitplus.eidas.specific.core.config.BasicConfigurationProvider">
-- 
cgit v1.2.3