You are viewing a plain text version of this content. The canonical link for it is here.
Posted to j-dev@xerces.apache.org by "Michael Glavassevich (JIRA)" <xe...@xml.apache.org> on 2010/07/05 04:17:53 UTC
[jira] Updated: (XERCESJ-1455) New system property to limit entity
expansion
[ https://issues.apache.org/jira/browse/XERCESJ-1455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Glavassevich updated XERCESJ-1455:
------------------------------------------
Fix Version/s: (was: 2.7.1)
(was: 2.8.0)
(was: 2.8.1)
(was: 2.9.0)
(was: 2.9.1)
(was: 2.10.0)
> New system property to limit entity expansion
> ---------------------------------------------
>
> Key: XERCESJ-1455
> URL: https://issues.apache.org/jira/browse/XERCESJ-1455
> Project: Xerces2-J
> Issue Type: Improvement
> Components: JAXP (javax.xml.parsers)
> Affects Versions: 2.7.1, 2.8.0, 2.8.1, 2.9.0, 2.9.1, 2.10.0
> Environment: all
> Reporter: yuechen
> Priority: Trivial
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> when setting org.apache.xerces.util.SecurityManager, default entityExpansionLimit is 100,000. this is still too high in many cases. although security Manager does have a setter for entityExpansionLimit, it will be more user friendly to have a new system property to limit entity expansion, such as the one in Sun's JAXP implementation: http://java.sun.com/j2se/1.5.0/docs/guide/xml/jaxp/JAXP-Compatibility_150.html#JAXP_security
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-dev-help@xerces.apache.org