Ron Sigal

Thank you, @chengfang.

Hey Darren, Sorry for the late reply - I was on PTO on Friday. Yes, I'll take a look. -Ron

Well, I don't know much about RESTEasy's jose-jwt, but I was involved in the creation of resteasy-rxjava2, and I would be surprised if it were used somewhere in WildFly. It...

Thanks, @jamezp. I have no objections.

Hey @darranl, +1 for this. If you need an official review, just add me as a reviewer and I'll push the button.

Hey @spericas, Hmmm, I just accessed https://nvd.nist.gov/vuln/detail/CVE-2020-25633. Maybe it was a temporary outage .... Besides headers and cookies (well, cookies are in a header), I would be concerned about the...

re: "tweak to your example" Yes, that really clarifies the problem. Although, I don't think we have to worry about nuke codes any more: our president has probably unembargoed them...

Abstractly, there seem to be two general approaches. 1. In RESTEasy, we changed to a safer behavior and made it possible to revert to the original behavior. 2. The suggestion...

James Perkins has uncovered a variant of this problem. ``` @Path("first") @GET public Response first(@Context ServletContext context) { final Client client = ClientBuilder.newClient(); final Response entity = client.target("http://localhost:8080/web-app/rest/test/second") .request() .get(Response.class);...

Hey everyone, I've started thinking about this stuff again, and I have a couple of comments. 1. I agree with @NicoNes about getEntity() succeeding after a call to readEntity(). The...