Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

List of packages getting exposed without logging in on publisher - AEM 6.5.8

Avatar

Level 4

Hi All,

 

We are currently facing an issue of list of packages getting exposed without logging in on AEM.

 

For example if I hit the URL like http<s>://<host>:<port>/crx/packmgr/list.jsp, I can see the JSON response showing the complete details of packages installed.

 

Not sure if this is with AEM 6.5.8.

 

Any fix for this?

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @ashishkhadpe 

This is a feature as part of http service interface for package management.

 

You can block it by using a custom filter. Please refer this thread same way you can block by implementing your own logic as part  of servlet filter.

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-security-json-extensio...

 

Hope this helps.

 

Regards,

Rajashankar.R

View solution in original post

4 Replies

Avatar

Community Advisor

Hi,

I don't see this issue in AEM 6.5.7

can you try on the vanilla instance?



Arun Patidar

Avatar

Community Advisor

Hi,

 

I don't see it on 6.5.8 

This is the response for me. Doesn't look like an issue in 6.5.8

{"results":[],"total":0}

Could it be a difference in permissions for everyone group or anonymous user?

Avatar

Community Advisor

Hi,

 

I tried in AEM 6.5 plain instance, AEM 6.5.6 and AEM 6.5.8 and don't see the packages list showing up without login. Make sure that you are not logged into publish instance in any other tab

Avatar

Correct answer by
Community Advisor

Hi @ashishkhadpe 

This is a feature as part of http service interface for package management.

 

You can block it by using a custom filter. Please refer this thread same way you can block by implementing your own logic as part  of servlet filter.

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-security-json-extensio...

 

Hope this helps.

 

Regards,

Rajashankar.R