gnodet commented on PR #400: URL: https://github.com/apache/cxf/pull/400#issuecomment-4046367111
Closing: this PR is 8 years old with merge conflicts. The regex-based wildcard approach has security concerns (unescaped dots, no anchors). If wildcard audience validation is still needed, it should be reimplemented with proper URL pattern matching and a dedicated configuration flag as suggested by @coheigea. CXF-7696 remains open for a future clean implementation. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
