Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.7.0
    • Fix Version/s: 0.8.0
    • Component/s: None
    • Labels:
      None

      Description

      Jsoup versions before 1.8.3 do not properly handle HTML tags missing
      the closing ">" when parsing near the end of the file. This exposes a
      potential XSS vector.

      This request is to upgrade to Jsoup 1.8.3 or newer.

        Activity

        Show
        eyang Eric Yang added a comment - I just committed this. https://github.com/apache/chukwa/commit/6b2ddcf0c2f94a264edfde2009d928ee5c832852
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Chukwa-master #550 (See https://builds.apache.org/job/Chukwa-master/550/)
        CHUKWA-799. Updated jsoup version. (Eric Yang) (eyang: rev 6b2ddcf0c2f94a264edfde2009d928ee5c832852)

        • CHANGES.txt
        • pom.xml
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Chukwa-master #550 (See https://builds.apache.org/job/Chukwa-master/550/ ) CHUKWA-799 . Updated jsoup version. (Eric Yang) (eyang: rev 6b2ddcf0c2f94a264edfde2009d928ee5c832852) CHANGES.txt pom.xml

          People

          • Assignee:
            eyang Eric Yang
            Reporter:
            eyang Eric Yang
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development