You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@falcon.apache.org by "Venkat Ranganathan (JIRA)" <ji...@apache.org> on 2017/02/02 17:59:51 UTC
[jira] [Created] (FALCON-2273) Disallow external entity injection
and clean up some log messages
Venkat Ranganathan created FALCON-2273:
------------------------------------------
Summary: Disallow external entity injection and clean up some log messages
Key: FALCON-2273
URL: https://issues.apache.org/jira/browse/FALCON-2273
Project: Falcon
Issue Type: Bug
Components: general
Affects Versions: trunk, 0.10
Reporter: Venkat Ranganathan
Assignee: Venkat Ranganathan
While reviewing the Falcon code, it was found that there is a potential for an external entity to be injected during XML entity parsing.
Also in the data source entity parsing, we would like to avoid the location of the credential files which can be potentially used for exploiting
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)