[jira] [Updated] (ROL-2124) Disable DOCTYPE handling in SAX Parser

David Johnson (JIRA) Sun, 09 Dec 2018 11:17:25 -0800


     [ 
https://issues.apache.org/jira/browse/ROL-2124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


David Johnson updated ROL-2124:
-------------------------------
           Labels: security  (was: )
    Fix Version/s: 5.2.2
      Component/s: Web Services

There are some possible exploits that target XML DOCTYPE handling so, to be 
most secure we should disable DOCTYPE handing in the SAX Parser.

> Disable DOCTYPE handling in SAX Parser
> --------------------------------------
>
>                 Key: ROL-2124
>                 URL: https://issues.apache.org/jira/browse/ROL-2124
>             Project: Apache Roller
>          Issue Type: Bug
>          Components: Web Services
>            Reporter: David Johnson
>            Assignee: David Johnson
>            Priority: Major
>              Labels: security
>             Fix For: 5.2.2
>
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (ROL-2124) Disable DOCTYPE handling in SAX Parser

Reply via email to