Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-9399

Apply Secure Processing to TransformXml XSLT Sources

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.15.0
    • 1.16.0, 1.15.1
    • Extensions, Security
    • None

    Description

      The TransformXml processor supports Secure Processing as of NiFi 1.3.0, which prevents external access attempts using XML entity references. The Secure Processing property applies to input FlowFiles, but does not apply to the XSLT source that the processor uses during transformation. TransformXml should be updated to apply Secure Processing to XSLT sources.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-4125 Add basic security settings to TransformXml

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link GitHub Pull Request #5542

          Activity

            People

              exceptionfactory David Handermann
              exceptionfactory David Handermann
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m