[HADOOP-18469] Add XMLUtils methods to centralise code that creates secure XML parsers - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.3.4
Fix Version/s: 3.4.0, 3.3.5
Component/s: None
Labels:
- pull-request-available

Description

There are other places in the code where DocumentBuilderFactory instances are created that could benefit from the same changes as ~~HDFS-16766~~

sonatype-2022-5820

If anyone is landing on this page following the sonatype-2022-5820 alert, know that there is no known issue here, just a centralisation of all construction of XML parsers with lockdown of all the features.

Attachments

Issue Links

is related to

HDFS-16795 Use secure XML parser utils in hdfs classes

Resolved

MAPREDUCE-7411 Use secure XML parser utils in MapReduce

Resolved

YARN-11330 Use secure XML parser utils in YARN

Resolved

HADOOP-18575 Make XML transformer factory more lenient

Resolved

relates to

HDFS-16766 hdfs ec command loads (administrator provided) erasure code policy files without disabling xml entity expansion

Resolved

links to

GitHub Pull Request #4940

GitHub Pull Request #4978

(2 links to)

Activity

People

Assignee:: PJ Fanning

Reporter:: PJ Fanning

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 27/Sep/22 10:30

Updated:: 14/Dec/22 18:22

Resolved:: 07/Oct/22 10:04