Posted to dev@phoenix.apache.org by "Josh Elser (JIRA)" <ji...@apache.org> on 2017/09/09 02:42:01 UTC

[jira] [Created] (PHOENIX-4188) Disable DTD parsing on Pherf XML documents

Josh Elser created PHOENIX-4188:
-----------------------------------

             Summary: Disable DTD parsing on Pherf XML documents
                 Key: PHOENIX-4188
                 URL: https://issues.apache.org/jira/browse/PHOENIX-4188
             Project: Phoenix
          Issue Type: Bug
            Reporter: Josh Elser
            Assignee: Josh Elser
             Fix For: 4.12.0


A security scan dinged Phoenix for an external entities attack on the XML files that Pherf creates.

We can easily work around it by disabling the inline doctype definition in the XML parser we use.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)