[ https://issues.apache.org/jira/browse/DERBY-6810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bryan Pendleton resolved DERBY-6810.
------------------------------------
    Resolution: Fixed

We haven't thought of any additional tests to include, and the existing tests seem to be working well.

(Re-)resolving this issue.

> Add regression tests for XXE vulnerability
> ------------------------------------------
>
>          Key: DERBY-6810
>          URL: https://issues.apache.org/jira/browse/DERBY-6810
>      Project: Derby
>   Issue Type: Sub-task
>     Reporter: Bryan Pendleton
>     Assignee: Abhinav Gupta
>  Attachments: billionLaughs.diff, error-stacktrace.out,
>               readPasswordFile.diff, vtiTests.diff, vtiTests2.diff
>
>
> We should add some regression tests demonstrating that
> Derby is no longer vulnerable to an XXE assault.
> One possibility would be to have an example using a local
> file disclosure.
> Another possibility would be to have an example based on the
> well-known "Billion Laughs" denial of service attack.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
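The two kinds of regression test proposed in the issue (local file disclosure and nested-entity expansion), sketched as an added example against a plain JAXP parser; this is not Derby's test code and not the content of the attached diffs. The class name, the canary file and the hardening shown (rejecting every DOCTYPE) are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.SAXException;

public class XxeRegressionCheck {
    // Assumed hardening, not taken from Derby's source: refuse every DOCTYPE.
    static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f;
    }

    // Text content of the parsed document, or null if the parser rejected it.
    static String parse(DocumentBuilderFactory f, String xml) throws Exception {
        try {
            byte[] bytes = xml.getBytes(StandardCharsets.UTF_8);
            return f.newDocumentBuilder().parse(new ByteArrayInputStream(bytes))
                    .getDocumentElement().getTextContent();
        } catch (SAXException rejected) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed canary file standing in for a sensitive local file.
        Path canary = Files.createTempFile("xxe-canary", ".txt");
        canary.toFile().deleteOnExit();
        Files.write(canary, "CANARY-CONTENT".getBytes(StandardCharsets.UTF_8));
        String external = "<!DOCTYPE d [<!ENTITY x SYSTEM \"" + canary.toUri() + "\">]><d>&x;</d>";
        // Two-level nesting only: the shape of "Billion Laughs", scaled down.
        String nested = "<!DOCTYPE d [<!ENTITY a \"ha\"><!ENTITY b \"&a;&a;&a;\">]><d>&b;</d>";

        DocumentBuilderFactory f = hardenedFactory();
        String leaked = parse(f, external);
        if (leaked != null && leaked.contains("CANARY-CONTENT"))
            throw new AssertionError("external entity was resolved");
        if (parse(f, nested) != null)
            throw new AssertionError("DOCTYPE with nested entities was accepted");
        // Negative control: ordinary documents must still parse after hardening.
        if (!"ok".equals(parse(f, "<d>ok</d>")))
            throw new AssertionError("plain document must still parse");
        System.out.println("XXE regression checks passed");
    }
}
```

The file-disclosure check asserts on the canary content rather than on the exception alone, so it still catches a regression if the parser is later hardened in a way that accepts the DOCTYPE but must not resolve the entity.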