Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use default PathPatternParser instance #13475

Closed
marcusdacoregio opened this issue Jul 10, 2023 · 4 comments
Closed

Use default PathPatternParser instance #13475

marcusdacoregio opened this issue Jul 10, 2023 · 4 comments
Assignees
@marcusdacoregio
Labels
in: config An issue in spring-security-config type: bug A general bug
Milestone
6.2.0-M1

Comments

@marcusdacoregio
Copy link
Contributor

No description provided.

@marcusdacoregio marcusdacoregio added in: config An issue in spring-security-config type: bug A general bug labels Jul 10, 2023
@marcusdacoregio marcusdacoregio added this to the 6.2.0-M1 milestone Jul 10, 2023
@marcusdacoregio marcusdacoregio self-assigned this Jul 10, 2023
@jzheaux jzheaux closed this as completed Jul 17, 2023
@marcusdacoregio
Copy link
Contributor Author

Closed via 8f5793a

@lyoum
Copy link

lyoum commented Jul 25, 2023

Regarding this fix to the spring vulnerability, is the dependency itself safe to use without WebFlux?

@marcusdacoregio
Copy link
Contributor Author

I don't think I follow @lyoum, are you asking if you can use PathPatternParser without WebFlux in a safe manner? If so, it depends on how you use it.

@lyoum
Copy link

lyoum commented Jul 31, 2023

The original intention of my question was: whether this vulnerability affects Spring Web, since Spring mentioned WebFlux in it's CVE but did not state clearly whether the vulnerability only affects usage of spring-security with WebFlux.

I later found out it indeed only affects spring-security with WebFlux. Thanks for the prompt response @marcusdacoregio

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
in: config An issue in spring-security-config type: bug A general bug
Projects
None yet
Milestone
6.2.0-M1
Development

No branches or pull requests
3 participants
@jzheaux @marcusdacoregio @lyoum