-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Tomcat 6.0.28
The user who can see the Hudson server from Web can see the WEB-INF/web.xml file etc. of the server with following URL.
http://(host of HUDSON_HOME)/static/(Arbitrary String)/WEB-INF/web.xml
For instance, it is
http://ci.hudson-labs.org/static/ArbitraryString/WEB-INF/web.xml
I want to set not to see those to a general user.
Code changed in stapler
User: : kohsuke
Path:
trunk/stapler/core/src/main/java/org/kohsuke/stapler/Stapler.java
https://stapler.dev.java.net/source/browse/stapler/trunk/stapler/core/src/main/java/org/kohsuke/stapler/Stapler.java?view=diff&rev=1619&p1=trunk/stapler/core/src/main/java/org/kohsuke/stapler/Stapler.java&p2=trunk/stapler/core/src/main/java/org/kohsuke/stapler/Stapler.java&r1=1618&r2=1619
Log:
[FIXED JENKINS-7457] Don't serve WEB-INF and stuff under it.