phoenix-dev mailing list archives

From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (PHOENIX-4188) Disable DTD parsing on Pherf XML documents
Date Mon, 11 Sep 2017 15:18:00 GMT

     [ https://issues.apache.org/jira/browse/PHOENIX-4188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Josh Elser updated PHOENIX-4188:
--------------------------------
    Attachment: PHOENIX-4188.002.patch

.002 naming convention on the data files for the new test cases conflicted with what the existing
tests were expecting, which caused the new parser additions to (correctly, actually) fail the
existing tests :)

> Disable DTD parsing on Pherf XML documents
> ------------------------------------------
>
>                 Key: PHOENIX-4188
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4188
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 4.12.0
>
>         Attachments: PHOENIX-4188.001.patch, PHOENIX-4188.002.patch
>
>
> A security scan dinged Phoenix for an external entities attack on the XML files that Pherf creates.
> We can easily work around it by disabling the inline doctype definition in the XML parser we use.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
