WildFly / WFLY-4536

Do not reveal user ID of WildFly process via JavaMail messages

Details

    • Enhancement
    • Resolution: Done
    • Major
    • 9.0.0.CR1
    • 8.2.0.Final, 9.0.0.Beta2
    • Mail
    • None

    Description

      The Message-ID of outgoing e-mail sent via the default javax.mail.Session has the format

      Message-ID: <524672585.11.1429091886393.JavaMail.wildfly@myserver.example.com>
      

      The wildfly part here is not hard-coded; it corresponds to the user ID of the process WildFly is running under (which happens to be wildfly on my server).

      Revealing the user ID of a system process may be regarded as a security risk.

      This has been fixed in javax.mail 1.5.3 (see https://kenai.com/bugzilla/show_bug.cgi?id=6496), so WildFly should upgrade this dependency.
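
A header check for the disclosure described above, added here as an example (not code from the issue, WildFly or JavaMail): it flags Message-IDs in the quoted `JavaMail.<user>@<host>` layout and reports the account name each one exposes, which is useful for confirming that outgoing mail no longer carries it after the upgrade. The function names and all sample messages except the first Message-ID are constructed.

```python
import re
from email import message_from_string

# Layout quoted in the report: <hash.counter.millis.JavaMail.USER@HOST>
LEGACY_ID = re.compile(
    r"^<-?\d+\.\d+\.(?P<millis>\d+)\.JavaMail\."
    r"(?P<user>[^@<>\s]+)@(?P<host>[^<>\s]+)>$"
)

def audit_message_id(raw_message):
    """Return a finding dict if the Message-ID exposes an account name, else None."""
    value = message_from_string(raw_message).get("Message-ID")
    if value is None:
        return None
    # strip() also removes the whitespace left behind by a folded header line
    match = LEGACY_ID.match(value.strip())
    if not match:
        return None
    return {
        "user": match["user"],
        "host": match["host"],
        "sent_ms": int(match["millis"]),
    }

def exposed_accounts(raw_messages):
    """Map each exposed account name to the set of hosts it was seen on."""
    seen = {}
    for raw in raw_messages:
        finding = audit_message_id(raw)
        if finding:
            seen.setdefault(finding["user"], set()).add(finding["host"])
    return seen

# Constructed sample messages; only the first Message-ID is taken from the report.
SAMPLES = [
    "Message-ID: <524672585.11.1429091886393.JavaMail.wildfly@myserver.example.com>\n"
    "Subject: a\n\nbody\n",
    # Folded header and an account name that itself contains a dot
    "Message-ID:\n <101.2.1429091886500.JavaMail.svc.app@node2.example.com>\n"
    "Subject: b\n\nbody\n",
    # Message-ID without the account-name component: not flagged
    "Message-ID: <abc123@mail.example.com>\nSubject: c\n\nbody\n",
    "Subject: no id\n\nbody\n",
]

if __name__ == "__main__":
    for user, hosts in exposed_accounts(SAMPLES).items():
        print(f"account '{user}' exposed in Message-ID from {sorted(hosts)}")
```
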

          People

            tomazcerar Tomaž Cerar (Inactive)
            hwellmann.de Harald Wellmann (Inactive)