You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ratis.apache.org by "Tsz-wo Sze (Jira)" <ji...@apache.org> on 2022/02/23 15:43:00 UTC

[jira] [Updated] (RATIS-1532) Fix RaftProperties security warning

     [ https://issues.apache.org/jira/browse/RATIS-1532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tsz-wo Sze updated RATIS-1532:
------------------------------
    Description: 
There is a security alert in RaftProperties:
bq. XML parsers should not be vulnerable to XXE attacks

The code was copied from Hadoop and currently not used in Ratis.  We should should remove it.

  was:
There is a security alert in RaftProperties:
bq. XML parsers should not be vulnerable to XXE attacks

Although the code is not used, we should fix the alert.


> Fix RaftProperties security warning
> -----------------------------------
>
>                 Key: RATIS-1532
>                 URL: https://issues.apache.org/jira/browse/RATIS-1532
>             Project: Ratis
>          Issue Type: Bug
>          Components: common
>            Reporter: Tsz-wo Sze
>            Assignee: Tsz-wo Sze
>            Priority: Major
>
> There is a security alert in RaftProperties:
> bq. XML parsers should not be vulnerable to XXE attacks
> The code was copied from Hadoop and currently not used in Ratis.  We should should remove it.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)