Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
We should block loading jars by default to avoid running untrusted code:
<script type="application/java-archive" xlink:href="file.jar"/>
CVE-2022-41704
Attachments
Issue Links
- relates to
-
FOP-3104 A FOP 2.7.1 hotfix release with only updated batik dependencies to 1.16
- Resolved