ELFlash ArrayIndexOutOfBoundsException on invalid Cookie value #4547

Closed
codylerum opened this issue Mar 5, 2019 · 5 comments
codylerum commented Mar 5, 2019

From: https://github.com/javaserverfaces/mojarra/issues/4386

This can easily be reproduced by sending a csfcfc cookie with value 7aXBAow%3D

@codylerum
Contributor Author

@arjantijms should I port in the version from 2.4 here as well? It appears the encrypt and decrypt methods in https://github.com/eclipse-ee4j/mojarra/blob/master/impl/src/main/java/com/sun/faces/util/ByteArrayGuardAESCTR.java have been simplified.
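
An added example, not part of the thread and not Mojarra's code: a defensive decrypt for a cookie value like the one reported, which decodes to only 5 bytes. The class name `CookieGuardExample`, the `Base64(IV || ciphertext)` layout, the 16-byte IV, and the percent-decoding step are assumptions made for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Optional;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;

// Added example: hypothetical class, not Mojarra's ByteArrayGuardAESCTR.
public class CookieGuardExample {
    private static final int IV_LEN = 16; // assumed layout: Base64(IV || ciphertext)
    private final SecretKey key;

    CookieGuardExample(SecretKey key) { this.key = key; }

    String encrypt(String plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Malformed input yields Optional.empty() instead of an unchecked exception.
    Optional<String> decrypt(String cookieValue) {
        try {
            byte[] raw = Base64.getDecoder().decode(URLDecoder.decode(cookieValue, "UTF-8"));
            if (raw.length <= IV_LEN) return Optional.empty(); // no room for IV plus data
            Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(raw, 0, IV_LEN));
            byte[] pt = c.doFinal(raw, IV_LEN, raw.length - IV_LEN);
            return Optional.of(new String(pt, StandardCharsets.UTF_8)); // CTR alone gives no integrity
        } catch (IllegalArgumentException | GeneralSecurityException | UnsupportedEncodingException e) {
            return Optional.empty(); // bad percent-escape, bad Base64, or cipher failure
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128); // throwaway key, constructed for this demo only
        CookieGuardExample g = new CookieGuardExample(kg.generateKey());
        System.out.println(g.decrypt("7aXBAow%3D").isPresent()); // cookie value from the report
        String cookie = URLEncoder.encode(g.encrypt("flash-state"), "UTF-8");
        System.out.println(g.decrypt(cookie).orElse("<rejected>"));
    }
}
```

The length check runs before any array slicing, so a short or garbage cookie is treated as absent rather than surfacing as a server error.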

@arjantijms arjantijms self-assigned this Jul 28, 2019
jasonex7 added a commit to jasonex7/mojarra-ee4j that referenced this issue Jan 24, 2020
juneau001 added a commit that referenced this issue Feb 17, 2020
Fixes #4547 - ELFlash ArrayIndexOutOfBoundsException on invalid Cookie value
jasonex7 added a commit to jasonex7/mojarra-jboss that referenced this issue Feb 20, 2020
@jasonex7
Contributor

This is fixed with PR #4668

didiez commented Feb 1, 2021

We are using 2.3.14 and the bug is still there.
Are there any plans to release another version in the 2.3 branch? The bugfix seems backported to 2.3 in 7144ebc

@manorrock
Contributor

Please fix on 3.0 and master as well

@manorrock manorrock reopened this Feb 1, 2021
@arjantijms arjantijms added the 2.3 label May 3, 2021
@arjantijms arjantijms added this to the 2.3.15 milestone May 3, 2021
@melloware
Contributor

This looks like it was already ported to 3.0 and 4.0 and can be closed.
