Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
1.3.0
-
None
Description
Since data flows can generally deal with non-trusted data, the processors should handle it in a secure manner.
In case of XML there are various known vulnerabilities - OWASP. Some can be mitigated via XML parser/XSLT Processor features.
The TransformXml processor should have a setting enabling these secure settings.
Attachments
Issue Links
- relates to
-
NIFI-9399 Apply Secure Processing to TransformXml XSLT Sources
- Resolved
- links to