Success

Changes

Summary

  1. Bug #14784 (details)
Commit b2a83ccc4b136d5fbf820a1f06469f11034bf2c8 by Miguel Moquillon
Bug #14784

Fix the vulnerability by setting a restrictive content security policy
of the HTTP response when serving a file in Silverpeas.
Now, when serving a file, it is done explicitly for download and
not anymore for inlining its content.
The file was modified: core-web/src/main/java/org/silverpeas/core/web/http/PreparedDownload.java (diff)
The file was modified: core-web/src/main/java/org/silverpeas/core/web/http/ServletFileResponse.java (diff)
The file was modified: core-web/src/main/java/org/silverpeas/core/web/http/RestFileResponse.java (diff)
The file was modified: core-web/src/main/java/org/silverpeas/core/web/http/FileResponse.java (diff)

Summary

  1. Bug #14784 (details)
  2. Report of the fix of the bug #14663 (details)
Commit d82a619caec2f3eca9d922a44c12a8d31ad7921f by Miguel Moquillon
Bug #14784

Take into account that the download of files is now the only and default
behavior in Silverpeas when serving files.
The file was modified: gallery/gallery-library/src/main/java/org/silverpeas/components/gallery/constant/GalleryResourceURIs.java (diff)
The file was modified: gallery/gallery-war/src/main/webapp/WEB-INF/tags/silverpeas/gallery/viewMediaLayout.tag (diff)
The file was modified: gallery/gallery-war/src/main/webapp/gallery/jsp/mediaPhotoView.jsp (diff)
The file was modified: gallery/gallery-war/src/main/java/org/silverpeas/components/gallery/servlets/GalleryRequestRouter.java (diff)
Commit 12c84a775d9a899446983fba1ae596cae4f43282 by Miguel Moquillon
Report of the fix of the bug #14663
The file was modified: kmelia/kmelia-library/src/main/java/org/silverpeas/components/kmelia/KmeliaPublicationHelper.java (diff)
The file was modified: kmelia/kmelia-war/src/main/java/org/silverpeas/components/kmelia/control/KmeliaSessionController.java (diff)
The file was modified: kmelia/kmelia-war/src/main/webapp/kmelia/jsp/basket.jsp (diff)
The file was modified: kmelia/kmelia-war/src/main/java/org/silverpeas/components/kmelia/servlets/JSONServlet.java (diff)
The file was modified: kmelia/kmelia-war/src/main/webapp/kmelia/jsp/simpleListOfPublications.jsp (diff)
The file was modified: kmelia/kmelia-war/src/main/webapp/kmelia/jsp/treeview.jsp (diff)
The file was modified: kmelia/kmelia-war/src/main/webapp/kmelia/jsp/publicationManager.jsp (diff)