You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by jb...@apache.org on 2019/10/25 06:15:41 UTC
[karaf] branch master updated: Disable external DTDs in the
LogSrviceLog4j2XmlImpl
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/master by this push:
new 9d56aef Disable external DTDs in the LogSrviceLog4j2XmlImpl
new 6c288da Merge pull request #974 from coheigea/transformer
9d56aef is described below
commit 9d56aeff692d3145fcb577dee12ec19b1607ff59
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Oct 24 15:02:32 2019 +0100
Disable external DTDs in the LogSrviceLog4j2XmlImpl
---
.../apache/karaf/log/core/internal/LogServiceLog4j2XmlImpl.java | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/log/src/main/java/org/apache/karaf/log/core/internal/LogServiceLog4j2XmlImpl.java b/log/src/main/java/org/apache/karaf/log/core/internal/LogServiceLog4j2XmlImpl.java
index 43ff786..1b840dd 100644
--- a/log/src/main/java/org/apache/karaf/log/core/internal/LogServiceLog4j2XmlImpl.java
+++ b/log/src/main/java/org/apache/karaf/log/core/internal/LogServiceLog4j2XmlImpl.java
@@ -125,6 +125,13 @@ public class LogServiceLog4j2XmlImpl implements LogServiceInternal {
try (OutputStream os = Files.newOutputStream(path, StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING)) {
TransformerFactory tFactory = TransformerFactory.newInstance();
tFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+ try {
+ tFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ tFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ } catch (IllegalArgumentException e) {
+ // ignore
+ }
+
Transformer transformer = tFactory.newTransformer();
transformer.transform(new DOMSource(doc), new StreamResult(os));
}