[ https://issues.apache.org/jira/browse/DERBY-6810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bryan Pendleton updated DERBY-6810: ----------------------------------- Comment: was deleted (was: An example of how to exercise XmlVTI can be found in o.a.dT.fT.tests.lang.XMLOptimizerTraceTest.java) > Add regression tests for XXE vulnerability > ------------------------------------------ > > Key: DERBY-6810 > URL: https://issues.apache.org/jira/browse/DERBY-6810 > Project: Derby > Issue Type: Sub-task > Reporter: Bryan Pendleton > Assignee: Abhinav Gupta > Attachments: billionLaughs.diff, error-stacktrace.out, > readPasswordFile.diff > > > We should add some regression tests demonstrating that > Derby is no longer vulnerable to an XXE assault. > One possibility would be to have a example using a local > file disclosure. > Another possibility would be to have example based on the > well-known "Billion Laughs" denial of service attack. -- This message was sent by Atlassian JIRA (v6.3.4#6332)