cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From oferdit <>
Subject Re: DTD based XML attacks - refering to Apache CXF Security Advisory (CVE-2010-2076)
Date Sun, 15 Aug 2010 06:51:10 GMT

First we tried to use the staxiniterceptor in order to register the
XMLInputFactory which is mentioned in the advisory document. but we had some
problems with JSON requests and encoding of utf-8 messages. so what we have
done is to extend jaxbelementprovider as you mention. 
View this message in context:
Sent from the cxf-dev mailing list archive at

View raw message