[PHOENIX-4188] Disable DTD parsing on Pherf XML documents - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.12.0
Component/s: None
Labels:
None

Description

A security scan dinged Phoenix for an external entities attack on the XML files that Pherf creates.

We can easily work around it by disabling the inline doctype definition in the XML parser we use.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

PHOENIX-4188.001.patch
10/Sep/17 21:16
92 kB
Josh Elser
PHOENIX-4188.002.patch
12/Sep/17 00:10
92 kB
Josh Elser

Activity

People

Assignee:: Josh Elser

Reporter:: Josh Elser

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 09/Sep/17 02:41

Updated:: 12/Sep/17 21:07

Resolved:: 12/Sep/17 18:20