[ZOOKEEPER-3235] Enable secure processing and disallow DTDs in the SAXParserFactory - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.5.4, 3.6.0, 3.4.13
Fix Version/s: 3.6.0, 3.5.5
Component/s: jute
Labels:
None

Description

We should enable the secure processing feature and disallow DTDs in the SAXParserFactory. This prevents a number of possible XXE style attacks.

Attachments

Issue Links

links to

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 07/Jan/19 14:58

Updated:: 20/May/19 17:50

Resolved:: 09/Jan/19 14:10