phoenix-dev mailing list archives

From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Created] (PHOENIX-4188) Disable DTD parsing on Pherf XML documents
Date Sat, 09 Sep 2017 02:42:01 GMT
Josh Elser created PHOENIX-4188:
-----------------------------------

             Summary: Disable DTD parsing on Pherf XML documents
                 Key: PHOENIX-4188
                 URL: https://issues.apache.org/jira/browse/PHOENIX-4188
             Project: Phoenix
          Issue Type: Bug
            Reporter: Josh Elser
            Assignee: Josh Elser
             Fix For: 4.12.0


A security scan dinged Phoenix for an external entities attack on the XML files that Pherf
creates.

We can easily work around it by disabling the inline doctype definition in the XML parser
we use.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)