Hi ! Security patch has been applied on 5.1.0.6 and 5.1.0.7 but these version has been failed the vote process, you can use 5.1.0.8-SNAPSHOT version to get access to protect your assets.
2010/9/13 Rich M <rich...@moremagic.com> > > Hi, > > I just noticed I can access a disturbing amount of files through the > assets/ path from my application. The user guide for 5.0 states that > Tapestry automatically blocks access to all assets and only whitelists > critical Tapestry files > http://tapestry.apache.org/tapestry5.0/guide/assets.html . However, > looking at the 5.1 guide there is no mention of security like in the 5.0 > guide. I haven't made any contributions to an AssetPathAuthorizer or even > known about them, so I don't think I've done something to specifically allow > access to the files via Tapestry code. How can I get the files in my > classpath and web context blocked? > > Thanks, > Rich > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > > -- Regards, Christophe Cordenier. Committer on Apache Tapestry 5 Co-creator of wooki @wookicentral.com
