falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Venkat Ranganathan (JIRA)" <j...@apache.org>
Subject [jira] [Created] (FALCON-2273) Disallow external entity injection and clean up some log messages
Date Thu, 02 Feb 2017 17:59:51 GMT
Venkat Ranganathan created FALCON-2273:
------------------------------------------

             Summary: Disallow external entity injection and clean up some log messages
                 Key: FALCON-2273
                 URL: https://issues.apache.org/jira/browse/FALCON-2273
             Project: Falcon
          Issue Type: Bug
          Components: general
    Affects Versions: trunk, 0.10
            Reporter: Venkat Ranganathan
            Assignee: Venkat Ranganathan


While reviewing the Falcon code, it was found that there is a potential for an external entity
to be injected during XML entity parsing.

Also in the data source entity parsing, we would like to avoid the location of the credential
files which can be potentially used for exploiting



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message