Commit bd58d2ff authored by Oliver Hader, committed by Oliver Hader

[SECURITY] Mitigate cross-site-scripting in FileDumpController

FileDumpController is used to expose stored files from the backend
user interface through a corresponding service-side process. Since
content-security-policy settings for files served directly by the
web server won't be applied, FileDumpController has to take care.

Resolves: #98221
Releases: main, 11.5, 10.4
Change-Id: I4fde10e48e33fa08452eddf876172f56b4f38e28
Security-Bulletin: TYPO3-CORE-SA-2022-009
Security-References: CVE-2022-36107
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75718


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
parent 56af2bd3