Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-9399

Apply Secure Processing to TransformXml XSLT Sources

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.15.0
    • 1.16.0, 1.15.1
    • Extensions, Security
    • None

    Description

      The TransformXml processor supports Secure Processing as of NiFi 1.3.0, which prevents external access attempts using XML entity references. The Secure Processing property applies to input FlowFiles, but does not apply to the XSLT source that the processor uses during transformation. TransformXml should be updated to apply Secure Processing to XSLT sources.

      Attachments

        Issue Links

          Activity

            People

              exceptionfactory David Handermann
              exceptionfactory David Handermann
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m