Posted to dev@myfaces.apache.org by GitBox <gi...@apache.org> on 2021/01/19 12:49:31 UTC

[GitHub] [myfaces] bohmber opened a new pull request #153: Disable the parsing of external general entities and external paramet…

bohmber opened a new pull request #153:
URL: https://github.com/apache/myfaces/pull/153


   …er entities in XML parsing code
   MYFACES-4377


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [myfaces] bohmber commented on pull request #153: Disable the parsing of external general entities and external paramet…

Posted by GitBox <gi...@apache.org>.
bohmber commented on pull request #153:
URL: https://github.com/apache/myfaces/pull/153#issuecomment-762957573


   adding

   `setFeature( "http://apache.org/xml/features/disallow-doctype-decl", true );`

   would break.

   The rest is from here: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html

   I checked other Apache projects; many of them are doing the same.





[GitHub] [myfaces] tandraschko commented on pull request #153: Disable the parsing of external general entities and external paramet…

Posted by GitBox <gi...@apache.org>.
tandraschko commented on pull request #153:
URL: https://github.com/apache/myfaces/pull/153#issuecomment-765236007


   then +1





[GitHub] [myfaces] tandraschko commented on pull request #153: Disable the parsing of external general entities and external paramet…

Posted by GitBox <gi...@apache.org>.
tandraschko commented on pull request #153:
URL: https://github.com/apache/myfaces/pull/153#issuecomment-762924791


   Could this break something?





[GitHub] [myfaces] bohmber merged pull request #153: Disable the parsing of external general entities and external paramet…

Posted by GitBox <gi...@apache.org>.
bohmber merged pull request #153:
URL: https://github.com/apache/myfaces/pull/153
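
The configuration discussed in this thread, as an added example that is not the code from the pull request: a JAXP `DocumentBuilderFactory` with external general and parameter entities disabled while `disallow-doctype-decl` is left unset. The class name, the sample document and the choice of `DocumentBuilderFactory` are assumptions; the feature URIs are standard SAX/Xerces features, and a Xerces-based parser (the JDK default) is assumed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;

// Hypothetical class for illustration; not MyFaces code.
public class HardenedXmlFactory {

    static DocumentBuilderFactory newHardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // disallow-doctype-decl is deliberately left unset: with it enabled the
        // parser rejects every document that carries a DOCTYPE declaration.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        // Xerces-specific: do not fetch an external DTD subset either.
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a DOCTYPE is present (still accepted) and declares
        // an external general entity that points at a file that does not exist.
        String xml = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE config [\n"
            + "  <!ENTITY ext SYSTEM \"file:///nonexistent/external-entity.txt\">\n"
            + "]>\n"
            + "<config><name>&ext;</name></config>";

        Document doc = newHardenedFactory().newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        // A parser that tried to fetch the entity would fail in parse() with an
        // IOException for the missing file; reaching this line means the
        // reference was skipped instead of resolved.
        String text = doc.getElementsByTagName("name").item(0).getTextContent();
        System.out.println("parsed with DOCTYPE; entity content length = " + text.length());
    }
}
```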


   

