[
https://issues.apache.org/jira/browse/GUACAMOLE-2131?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Jumper closed GUACAMOLE-2131.
----------------------------------
Resolution: Fixed
> User update may fail with NPE
> -----------------------------
>
> Key: GUACAMOLE-2131
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-2131
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole
> Affects Versions: 1.6.0
> Reporter: Mike Jumper
> Assignee: Mike Jumper
> Priority: Major
> Fix For: 1.6.1
>
>
> We implement additional filtering and sanity checks on submitted attributes
> to remove any that are not specifically declared, determining whether
> {{getUserAttributes()}} or {{getUserPreferenceAttributes()}} applies based on
> the identity of the object being updated. This works, but the filtering is
> based on the username submitted in the received JSON object, which is not
> reliable and will not necessarily exist. If the username happens to not be
> submitted in the JSON, the update attempt will fail.
> In practice, this makes no difference to real-world behavior (there are no
> extensions that rely on this filtering, the filtering is not a documented
> aspect of the application, and the UI always submits this value), but this
> should be fixed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
