You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@falcon.apache.org by "Venkat Ranganathan (JIRA)" <ji...@apache.org> on 2017/02/02 17:59:51 UTC

[jira] [Created] (FALCON-2273) Disallow external entity injection and clean up some log messages

Venkat Ranganathan created FALCON-2273:
------------------------------------------

             Summary: Disallow external entity injection and clean up some log messages
                 Key: FALCON-2273
                 URL: https://issues.apache.org/jira/browse/FALCON-2273
             Project: Falcon
          Issue Type: Bug
          Components: general
    Affects Versions: trunk, 0.10
            Reporter: Venkat Ranganathan
            Assignee: Venkat Ranganathan


While reviewing the Falcon code, it was found that there is a potential for an external entity to be injected during XML entity parsing.

Also in the data source entity parsing, we would like to avoid the location of the credential files which can be potentially used for exploiting



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)