[
https://issues.apache.org/jira/browse/ROL-2124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16714064#comment-16714064
]
David Johnson edited comment on ROL-2124 at 12/15/18 11:20 PM:
---------------------------------------------------------------
XML DOCTYPE handling is not needed by Roller so to be most secure we should
disable DOCTYPE handing in the SAX Parser.
was (Author: djohnson):
There are some possible exploits that target XML DOCTYPE handling so, to be
most secure we should disable DOCTYPE handing in the SAX Parser.
> Disable DOCTYPE handling in SAX Parser
> --------------------------------------
>
> Key: ROL-2124
> URL: https://issues.apache.org/jira/browse/ROL-2124
> Project: Apache Roller
> Issue Type: Bug
> Components: Web Services
> Reporter: David Johnson
> Assignee: David Johnson
> Priority: Major
> Labels: security
> Fix For: 5.2.2
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
