Hide Forgot
Description of problem: The REST deployment operations currently use the following regex for the deployment Id: [^\\s:]+(:[^\\s:]+){2,2}(:[^\\s:]*){0,2} The other REST operations currently use the following regex for the deployment Id: [a-zA-Z0-9-:\\.]+ This means that users might be able to deploy a deployment with a deployment id that they would not be able to use in other REST operations. Furthermore the use of \\s (all non-whitespaces characters) could cause crashes or possible security problems. For both of the reasons above, we should change the regex used in both places to this: https://github.com/droolsjbpm/droolsjbpm-integration/commit/86b6d61d16db50165a55f933b24b1e5a336a47a2 This fix has already been committed to master. This bug is to ensure that it also gets added to the product branch.
Ahh, the regex that should be used is this: [\\w\\.-]+(:[\\w\\.-]+){2,2}(:[\\w\\.-]*){0,2}
Fixed: 6.0.x: https://github.com/droolsjbpm/droolsjbpm-integration/commit/52fe23ee master: https://github.com/droolsjbpm/droolsjbpm-integration/commit/86b6d61d
Verified in BPMS 6.0.0.ER7