You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@phoenix.apache.org by "Josh Elser (JIRA)" <ji...@apache.org> on 2017/09/09 02:42:01 UTC
[jira] [Created] (PHOENIX-4188) Disable DTD parsing on Pherf XML
documents
Josh Elser created PHOENIX-4188:
-----------------------------------
Summary: Disable DTD parsing on Pherf XML documents
Key: PHOENIX-4188
URL: https://issues.apache.org/jira/browse/PHOENIX-4188
Project: Phoenix
Issue Type: Bug
Reporter: Josh Elser
Assignee: Josh Elser
Fix For: 4.12.0
A security scan dinged Phoenix for an external entities attack on the XML files that Pherf creates.
We can easily work around it by disabling the inline doctype definition in the XML parser we use.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)