Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-9399

Apply Secure Processing to TransformXml XSLT Sources

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.15.0
    • 1.16.0, 1.15.1
    • Extensions, Security
    • None

    Description

      The TransformXml processor supports Secure Processing as of NiFi 1.3.0, which prevents external access attempts using XML entity references. The Secure Processing property applies to input FlowFiles, but does not apply to the XSLT source that the processor uses during transformation. TransformXml should be updated to apply Secure Processing to XSLT sources.

      Attachments

        Issue Links

        is related to

        Improvement - An improvement or enhancement to an existing feature or task. NIFI-4125 Add basic security settings to TransformXml

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Resolved
        links to

        Web Link GitHub Pull Request #5542

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            exceptionfactory David Handermann
            exceptionfactory David Handermann
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 20m
                20m

                Slack

                  Issue deployment