Phoenix / PHOENIX-4188

Disable DTD parsing on Pherf XML documents

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.12.0
    • Labels:
      None

      Description

      A security scan dinged Phoenix for an external entities attack on the XML files that Pherf creates.

      We can easily work around it by disabling the inline doctype definition in the XML parser we use.
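
One way to apply the workaround described above with the JDK's built-in SAX parser. This is an added example, not the PHOENIX-4188 patch or Pherf's own code; the class name, helper names and the two sample documents are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

// Hypothetical class: shows a reader that refuses any inline DOCTYPE.
public class DoctypeRejectionExample {

    // Build a SAX reader with DTD processing switched off.
    static XMLReader hardenedReader() throws Exception {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setNamespaceAware(true);
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Primary control: any <!DOCTYPE ...> becomes a fatal parse error.
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case the DOCTYPE ban is relaxed later.
        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);

        XMLReader reader = spf.newSAXParser().getXMLReader();
        DefaultHandler handler = new DefaultHandler(); // rethrows fatal errors
        reader.setContentHandler(handler);
        reader.setErrorHandler(handler);
        return reader;
    }

    // Returns true when the document is accepted, false when it is rejected.
    static boolean accepts(String xml) throws Exception {
        try {
            hardenedReader().parse(new InputSource(new StringReader(xml)));
            return true;
        } catch (SAXException rejected) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a plain document and one carrying an inline DTD.
        String plain = "<scenario name=\"constructed\"/>";
        String withDoctype = "<!DOCTYPE scenario [<!ENTITY e \"x\">]>"
                + "<scenario name=\"&e;\"/>";
        System.out.println("plain accepted: " + accepts(plain));
        System.out.println("doctype accepted: " + accepts(withDoctype));
    }
}
```

When the XML is unmarshalled through JAXB, the same reader can be wrapped in a `javax.xml.transform.sax.SAXSource` and passed to `Unmarshaller.unmarshal` so that the binding layer never constructs its own parser with default settings.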

        Attachments

        1. PHOENIX-4188.002.patch
          92 kB
          Josh Elser
        2. PHOENIX-4188.001.patch
          92 kB
          Josh Elser

            People

            • Assignee:
              elserj Josh Elser
              Reporter:
              elserj Josh Elser