Description
Relates to HDFS-16766.
There are other places in the code where DocumentBuilderFactory instances are created that could benefit from the same changes as HDFS-16766.
sonatype-2022-5820
If anyone is landing on this page following the sonatype-2022-5820 alert, know that there is no known issue here, just a centralisation of all construction of XML parsers with lockdown of all the features.
Issue Links
- is related to
  - HDFS-16795 Use secure XML parser utils in hdfs classes (Resolved)
  - MAPREDUCE-7411 Use secure XML parser utils in MapReduce (Resolved)
  - YARN-11330 Use secure XML parser utils in YARN (Resolved)
  - HADOOP-18575 Make XML transformer factory more lenient (Resolved)
- relates to
  - HDFS-16766 hdfs ec command loads (administrator provided) erasure code policy files without disabling xml entity expansion (Resolved)