[
https://issues.apache.org/jira/browse/HADOOP-18469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17647590#comment-17647590
]
PJ Fanning commented on HADOOP-18469:
-------------------------------------
I raised [https://github.com/apache/hadoop/pull/5224] - I will tidy it up when
it is decided if a new issue should be opened.
> Add XMLUtils methods to centralise code that creates secure XML parsers
> -----------------------------------------------------------------------
>
> Key: HADOOP-18469
> URL: https://issues.apache.org/jira/browse/HADOOP-18469
> Project: Hadoop Common
> Issue Type: Improvement
> Affects Versions: 3.3.4
> Reporter: PJ Fanning
> Assignee: PJ Fanning
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0, 3.3.5
>
>
> Relates to HDFS-16766
> There are other places in the code where DocumentBuilderFactory instances are
> created that could benefit from the same changes as HDFS-16766
> h3. sonatype-2022-5820
> If anyone is landing on this page following the sonatype-2022-5820 alert,
> know that there is no known issue here, just a centralisation of all
> construction of XML parsers with lockdown of all the features.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
