Details
-
Sub-task
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
-
None
-
Newcomer
Description
We should add some regression tests demonstrating that
Derby is no longer vulnerable to an XXE assault.
One possibility would be to have a example using a local
file disclosure.
Another possibility would be to have example based on the
well-known "Billion Laughs" denial of service attack.