db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bryan Pendleton (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DERBY-6810) Add regression tests for XXE vulnerability
Date Sun, 24 May 2015 17:14:17 GMT
Bryan Pendleton created DERBY-6810:
--------------------------------------

             Summary: Add regression tests for XXE vulnerability
                 Key: DERBY-6810
                 URL: https://issues.apache.org/jira/browse/DERBY-6810
             Project: Derby
          Issue Type: Sub-task
            Reporter: Bryan Pendleton


We should add some regression tests demonstrating that
Derby is no longer vulnerable to an XXE assault.

One possibility would be to have a example using a local
file disclosure.

Another possibility would be to have example based on the
well-known "Billion Laughs" denial of service attack.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message