Code Monkey home page Code Monkey logo

rapidoid-web-platform's Introduction

Rapidoid - Simple. Powerful. Secure. Fast!

Rapidoid is an extremely fast HTTP server and modern Java web framework / application container, with a strong focus on high productivity and high performance.

Documentation, examples, community support

Please visit the official site:

http://www.rapidoid.org/

Apache License v2

Rapidoid is released under the liberal Apache Public License v2, so it is free to use for both commercial and non-commercial projects.

Roadmap

  • Better documentation (work in progress - as always)
  • Swagger / OpenAPI support

Contributing

  1. Fork (and then git clone https://github.com/<your-username-here>/rapidoid.git).
  2. Make your changes
  3. Commit your changes (git commit -am "Description of contribution").
  4. Push to GitHub (git push).
  5. Open a Pull Request.
  6. Please sign the CLA.
  7. Thank you for your contribution! Wait for a response...

rapidoid-web-platform's People

Contributors

nmihajlovski avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

pologood rapidoidv2

rapidoid-web-platform's Issues

Security Vulnerability - Action Required: XXE vulnerability in the newest version of org.rapidoid:rapidoid-platform

Hi there,
I think the method com.mchange.v2.c3p0.cfg.C3P0ConfigXmlUtils.extractXmlConfigFromInputStream(InputStream is) may have an XXE vulnerability which is vulnerable in the newest version of org.rapidoid:rapidoid-platform. It shares similarities to a recent CVE disclosure CVE-2018-20433 in the "swaldman/c3p0" project.

Vulnerability Detail:

CVE Identifier: CVE-2018-20433

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

Reference:https://nvd.nist.gov/vuln/detail/CVE-2018-20433

Patch: zhutougg/c3p0@2eb0ea9

This may be caused by the fact that the version of c3p0, the component you rely on, has not been updated. Maybe I can submit a PR to help you update the version? Looking forward to your reply.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.