roller-commits mailing list archives

From "David Johnson (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (ROL-2124) Disable DOCTYPE handling in SAX Parser
Date Sat, 15 Dec 2018 23:21:00 GMT

    [ https://issues.apache.org/jira/browse/ROL-2124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16714064#comment-16714064 ]

David Johnson edited comment on ROL-2124 at 12/15/18 11:20 PM:
---------------------------------------------------------------

XML DOCTYPE handling is not needed by Roller so, to be most secure, we should disable DOCTYPE
handling in the SAX Parser.


was (Author: djohnson):
There are some possible exploits that target XML DOCTYPE handling so, to be most secure, we
should disable DOCTYPE handling in the SAX Parser.

> Disable DOCTYPE handling in SAX Parser
> --------------------------------------
>
>                 Key: ROL-2124
>                 URL: https://issues.apache.org/jira/browse/ROL-2124
>             Project: Apache Roller
>          Issue Type: Bug
>          Components: Web Services
>            Reporter: David Johnson
>            Assignee: David Johnson
>            Priority: Major
>              Labels: security
>             Fix For: 5.2.2
>
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
