Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable entity-related security features in CommonUtil.createSAXParser #1987

Merged
merged 1 commit into from
Nov 27, 2024
Merged

Disable entity-related security features in CommonUtil.createSAXParser #1987

merged 1 commit into from
Nov 27, 2024

Conversation

merks
Copy link
Contributor

@merks merks commented Nov 27, 2024

@hvbtup
Copy link
Contributor

hvbtup commented Nov 27, 2024

grafik

@merks This prevents XXE in some other places (eg. when parsing *.rptdesign files), but probably it does not fix #1986.

@merks
Copy link
Contributor Author

merks commented Nov 27, 2024

@hvbtup

Yes, I'm only plugging obvious holes based on what the Platform did not so long ago...

@merks merks merged commit 4870b72 into eclipse-birt:master Nov 27, 2024
3 checks passed
@merks merks deleted the issue-1986 branch November 27, 2024 12:51
@speckyspooky speckyspooky added the BugFix Change to correct issues label Nov 28, 2024
@speckyspooky speckyspooky added this to the 4.18 milestone Nov 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hvbtup hvbtup hvbtup approved these changes

Assignees

@merks merks

Labels
BugFix Change to correct issues
Projects
None yet
Milestone
4.18
Development

Successfully merging this pull request may close these issues.
3 participants
@merks @hvbtup @speckyspooky