#2215 closed defect (fixed)

[le Jetty-712] vlet.filters.XSSRequestWrapper

Reported by: anonymous maybe Owned by:
Priority: minor Milestone: 0.9.35
Component: apps/jetty Version: 0.9.34
Keywords: Cc:
Parent Tickets: Sensitive: no

Description

  • I2P Version and Running Environment
 I2P version:	0.9.34-0-2ubuntu1
Java version:	Oracle Corporation 1.8.0_162 (OpenJDK Runtime Environment 1.8.0_162-8u162-b12-1~deb9u1-b12)
Wrapper version:	3.5.30
Server version:	9.2.21.v20170120
Servlet version:	Jasper JSP 2.3 Engine
JSTL version:	standard-taglib 1.2.5
Platform:	Linux amd64 4.14.18-1.pvops.qubes.x86_64
Jcpuid version:	3
Processor:	Haswell Core i3/i5/i7 model 60 (coreihwl)
Jbigi:	Locally optimized native BigInteger library loaded from file
Jbigi version:	4
GMP version:	6.1.2
Encoding:	UTF-8
Charset:	UTF-8
  • Router Logs
4/13/18 12:34:21 PM WARN  [luginStarter] rg.eclipse.jetty.server.Server: EXCEPTION : java.lang.IllegalArgumentException: File not resolvable or incompatible with URLClassloader: jar:file:/home/user/.i2p/plugins/i2pbote/console/webapps/i2pbote.war!/WEB-INF/lib/tomcat-jsp-api-8.5.23.jar
4/13/18 12:34:21 PM ^^^ 2 similar messages omitted ^^^
4/13/18 10:01:08 PM WARN  [le Jetty-712] vlet.filters.XSSRequestWrapper: URL "/images" Stripped header "If-None-Match" : ""0.9.34-0-2ubuntu1""

Subtickets

Change History (2)

comment:1 Changed 20 months ago by anonymous maybe

Summary: [le Jetty-712] vlet.filters.XSSRequestWrapper[le Jetty-712] vlet.filters.XSSRequestWrapper[le Jetty-712] vlet.filters.XSSRequestWrapper

comment:2 Changed 20 months ago by zzz

Milestone: undecided0.9.35
Resolution: fixed
Status: newclosed

The PluginStarter? error you already reported in #2210, it's a bote issue.

The XSS is from the etag on the susidns image, it will show up when you load the susidns main page. I saw it during testing of the release but didn't bother to fix it at the time, it's harmless.

In c11dc8cac09eb76f5ea488248655e77b17c5158f to be 0.9.34-2

Note: See TracTickets for help on using tickets.