[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] Examples for SymlinkAllowedResourceAliasChecker in XML config file
|
Le jeudi 26 juin 2025 08:26:22 CEST, vous avez écrit :
> Jetty 9 is EOL, you should upgrade to 12.0
> see https://github.com/jetty/jetty.project/issues/7958
Debian stable (bookworm) ships jetty9, so upgrading will be difficult.
Debian testing (trixie) has (jetty9 and) jetty12, but it doesn't startup, maybe because of packaging issues.
Should I understand that you snippet will work fine with jetty12 and that the cause of my issues is jetty9?
> > I don't think that there is an issue with the webapp because with the
> deprecated AllowSymLinkAliasChecker it works.
>
> I would not recommend using AllowSymLinkAliasChecker, it has some security
> issues.
> These issues have been fixed in the SymlinkAllowedResourceAliasChecker.
It look like I don't have choice and have to stick to the deprecated alternative since I can't make SymlinkAllowedResourceAliasChecker work with jetty9.
Regards
