You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/11/22 16:56:00 UTC
[jira] [Commented] (NIFI-9399) Apply Secure Processing to TransformXml XSLT Sources
[ https://issues.apache.org/jira/browse/NIFI-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17447531#comment-17447531 ]
ASF subversion and git services commented on NIFI-9399:
-------------------------------------------------------
Commit c033debdf3077ef465b62e76c3878df325e1203b in nifi's branch refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=c033deb ]
NIFI-9399 This closes #5542. Apply Secure Processing to TransformXml XSLT
- Added XML Stream Reader processing for XSLT with external entities disabled
- Removed unused XsltValidator
- Upgraded Saxon-HE from 9.6.0-5 to 10.6
Signed-off-by: Joe Witt <jo...@apache.org>
> Apply Secure Processing to TransformXml XSLT Sources
> ----------------------------------------------------
>
> Key: NIFI-9399
> URL: https://issues.apache.org/jira/browse/NIFI-9399
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions, Security
> Affects Versions: 1.15.0
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The {{TransformXml}} processor supports Secure Processing as of NiFi 1.3.0, which prevents external access attempts using XML entity references. The {{Secure Processing}} property applies to input FlowFiles, but does not apply to the XSLT source that the processor uses during transformation. {{TransformXml}} should be updated to apply Secure Processing to XSLT sources.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)