Posted to notifications@logging.apache.org by GitBox <gi...@apache.org> on 2020/09/02 10:48:25 UTC

[GitHub] [logging-log4net] SymbioticKilla opened a new pull request #64: XmlConfigurator: do longer allow dtd processing across all platforms …

SymbioticKilla opened a new pull request #64:
URL: https://github.com/apache/logging-log4net/pull/64


   …(LOG4NET-575)
   
   This patch fixes a security vulnerability reported by Karthik Balasundaram. The security
   vulnerability was found in the way log4net parses XML configuration files, where it
   allowed XML External Entity processing. An attacker could use this as an
   attack vector if he could modify the XML configuration file.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
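
A minimal check of the mitigation named in the pull request title (refusing DTD processing in XML configuration files), added here as an example; it is not code from the log4net patch. The class name, the constructed sample configs and the choice of DtdProcessing.Prohibit with a null resolver are assumptions for illustration.

```csharp
using System;
using System.IO;
using System.Xml;

// Added illustration, not log4net code: verifies that a hardened XmlReader
// refuses a configuration file carrying a DTD, so no entity is ever resolved.
public static class DtdRejectionCheck
{
    // Constructed sample: a log4net-style config whose DOCTYPE declares an
    // external entity. The file URI is a placeholder that does not exist.
    private const string ConfigWithDtd =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE log4net [ <!ENTITY ext SYSTEM \"file:///placeholder/does-not-exist.txt\"> ]>\n" +
        "<log4net><note>&ext;</note></log4net>";

    // Constructed sample: the same kind of config without any DTD.
    private const string PlainConfig =
        "<log4net><root><level value=\"INFO\" /></root></log4net>";

    // Hardened settings: any DOCTYPE raises XmlException, and no resolver is
    // available to fetch external resources.
    public static XmlReaderSettings HardenedSettings()
    {
        return new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };
    }

    // Returns true if the document loads, false if the parser rejects it.
    public static bool Loads(string xml)
    {
        var doc = new XmlDocument { XmlResolver = null };
        try
        {
            using (var reader = XmlReader.Create(new StringReader(xml), HardenedSettings()))
                doc.Load(reader);
            return true;
        }
        catch (XmlException) { return false; }
    }

    public static void Main()
    {
        // A regression test should fail loudly if a DTD is ever accepted again.
        if (!Loads(PlainConfig) || Loads(ConfigWithDtd))
            throw new InvalidOperationException("DTD processing is not prohibited");
        Console.WriteLine("DTD-bearing configuration rejected; plain configuration loaded.");
    }
}
```

The same two assertions can be moved into a unit test so that a later change to the reader settings cannot silently re-enable DTD processing.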



[GitHub] [logging-log4net] fluffynuts commented on pull request #64: XmlConfigurator: do longer allow dtd processing across all platforms …

Posted by GitBox <gi...@apache.org>.
fluffynuts commented on pull request #64:
URL: https://github.com/apache/logging-log4net/pull/64#issuecomment-691513183


   Thanks, this fix is now in master & should be available in release 2.0.10





[GitHub] [logging-log4net] jazpearson commented on pull request #64: XmlConfigurator: do longer allow dtd processing across all platforms …

Posted by GitBox <gi...@apache.org>.
jazpearson commented on pull request #64:
URL: https://github.com/apache/logging-log4net/pull/64#issuecomment-685875512


   Would be great to see this merged as this is blocking us.





[GitHub] [logging-log4net] SymbioticKilla closed pull request #64: XmlConfigurator: do longer allow dtd processing across all platforms …

Posted by GitBox <gi...@apache.org>.
SymbioticKilla closed pull request #64:
URL: https://github.com/apache/logging-log4net/pull/64


   






[GitHub] [logging-log4net] SymbioticKilla commented on pull request #64: XmlConfigurator: do longer allow dtd processing across all platforms …

Posted by GitBox <gi...@apache.org>.
SymbioticKilla commented on pull request #64:
URL: https://github.com/apache/logging-log4net/pull/64#issuecomment-685614850


   I hope it is fine. If not then sorry => close/delete it.
   Thanks!





[GitHub] [logging-log4net] SymbioticKilla commented on pull request #64: XmlConfigurator: do longer allow dtd processing across all platforms …

Posted by GitBox <gi...@apache.org>.
SymbioticKilla commented on pull request #64:
URL: https://github.com/apache/logging-log4net/pull/64#issuecomment-688103870


   Commit was merged to master branch.






[GitHub] [logging-log4net] NicholasNoise commented on pull request #64: XmlConfigurator: do longer allow dtd processing across all platforms …

Posted by GitBox <gi...@apache.org>.
NicholasNoise commented on pull request #64:
URL: https://github.com/apache/logging-log4net/pull/64#issuecomment-687041804


   Is there any way to test this behavior?

