[ https://issues.apache.org/jira/browse/PHOENIX-4188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16159683#comment-16159683 ]
Josh Elser commented on PHOENIX-4188: ------------------------------------- Also, getting it seems like Pherf is a little worse for wear (at least on 1.3). I had to tweak a number of things to just get it to run. > Disable DTD parsing on Pherf XML documents > ------------------------------------------ > > Key: PHOENIX-4188 > URL: https://issues.apache.org/jira/browse/PHOENIX-4188 > Project: Phoenix > Issue Type: Bug > Reporter: Josh Elser > Assignee: Josh Elser > Fix For: 4.12.0 > > > A security scan dinged Phoenix for an external entities attack on the XML > files that Pherf creates. > We can easily work around it by disabling the inline doctype definition in > the XML parser we use. -- This message was sent by Atlassian JIRA (v6.4.14#64029)