subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florian Weimer>
Subject mod_dontdothat does not inhibit XML entity expansion
Date Sat, 23 Apr 2016 15:55:23 GMT
It seems that mod_dontdothat creates an Expat XML parser without
inhibiting XML entity expansion for the internal DTD subset.  This
might cause a denial-of-service issue when parsing client-submitted

There are other pieces of code in Subversion which also create Expat
parsers this way, but they are in the client code, so there is less

May I file an issue for this?


View raw message