xmlgraphics-batik-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 53603] "XML External Entities" vulnerability
Date Fri, 27 Jul 2012 10:15:10 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53603

--- Comment #3 from Jeremias Maerki <jeremias@apache.org> ---
I agree with Thomas. In a short experiment, I was able to use XInclude
(implemented by Apache Xerces-J) to force the same effect. Batik does not even
know about XInclude since it's a parser-level feature.

However, it might be a good idea to write some documentation about it so users
are reminded to secure their applications.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: batik-dev-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-dev-help@xmlgraphics.apache.org


Mime
View raw message