Posted to commits@roller.apache.org by "David Johnson (JIRA)" <ji...@apache.org> on 2018/12/09 19:17:00 UTC

[jira] [Updated] (ROL-2124) Disable DOCTYPE handling in SAX Parser

     [ https://issues.apache.org/jira/browse/ROL-2124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Johnson updated ROL-2124:
-------------------------------
           Labels: security  (was: )
    Fix Version/s: 5.2.2
      Component/s: Web Services

There are some possible exploits that target XML DOCTYPE handling, so to be most secure we should disable DOCTYPE handling in the SAX Parser.

> Disable DOCTYPE handling in SAX Parser
> --------------------------------------
>
>                 Key: ROL-2124
>                 URL: https://issues.apache.org/jira/browse/ROL-2124
>             Project: Apache Roller
>          Issue Type: Bug
>          Components: Web Services
>            Reporter: David Johnson
>            Assignee: David Johnson
>            Priority: Major
>              Labels: security
>             Fix For: 5.2.2
>
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)