[jira] Updated: (JCR-1355) XML import should not access external entities

Felix Meschberger (JIRA) Thu, 13 Mar 2008 05:27:27 -0700

     [ 
https://issues.apache.org/jira/browse/JCR-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Felix Meschberger updated JCR-1355:
-----------------------------------

    Fix Version/s:     (was: 1.4.1)
                   commons 1.4.1

scheduling for the commons 1.4.1 release

> XML import should not access external entities
> ----------------------------------------------
>
>                 Key: JCR-1355
>                 URL: https://issues.apache.org/jira/browse/JCR-1355
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-jcr-commons, xml
>    Affects Versions: 0.9, 1.0, 1.0.1, 1.1, 1.1.1, 1.2.1, 1.2.2, 1.2.3, 1.3, 
> 1.3.1, 1.3.3, 1.4
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: commons 1.4.1
>
>
> With current Jackrabbit the following XML document can not be imported:
>     <!DOCTYPE foo SYSTEM "http://invalid.address/";><foo/>
> Even if the DTD address (or some other external resource referenced in the 
> XML document) is correct, I don't think importXML() should even try resolving 
> those references.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (JCR-1355) XML import should not access external entities

Reply via email to