commons-dev mailing list archives

From "Kevin Burton" <bur...@tailrank.com>
Subject Re: [feedparser] Security patch
Date Wed, 11 Oct 2006 05:55:32 GMT
On 10/10/06, Nick Lothian <nick.lothian@gmail.com> wrote:
>
> Hi,
>
> I'm a developer on the ROME RSS/Atom parser project
> (http://rome.dev.java.net/). We were recently notified of a possible
> security issue in our code
> (http://www.somebits.com/weblog/tech/bad/xmlCode.html), which we've
> fixed.
>
> I'm aware that FeedParser is a dormant project, but the attached patch
> will fix the same problem in the Apache-Commons project version.


FeedParser def isn't dormant....

http://code.tailrank.com/feedparser

I just haven't officially announced that I'm moving it out of Apache.  Just
been too busy with official work to be a good maintainer :-/

> I've also attached updated FeedParserImpl.java suitable for using with
> Kevin's TailRank version (http://tailrank.com/code.php) (Hi Kevin!)


Sweet.

> SAXBuilder.java is needed for both versions.
>
> There is also an example RSS file which triggers the bug. (You'll need
> some kind of monitoring tool to check for connections to example.com
> on port 80).
>
> Hopefully someone will find these useful.


Interesting...... I'll take a look.

Thanks.

Kevin

-- 
Founder/CEO Tailrank.com
Location: San Francisco, CA
AIM/YIM: sfburtonator
Skype: burtonator
Blog: feedblog.org
Cell: 415-637-8078
