[jira] [Commented] (PHOENIX-4188) Disable DTD parsing on Pherf XML documents

Josh Elser (JIRA) Fri, 08 Sep 2017 19:44:18 -0700

    [ 
https://issues.apache.org/jira/browse/PHOENIX-4188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16159683#comment-16159683
 ]


Josh Elser commented on PHOENIX-4188:
-------------------------------------

Also, getting it seems like Pherf is a little worse for wear (at least on 1.3). 
I had to tweak a number of things to just get it to run.

> Disable DTD parsing on Pherf XML documents
> ------------------------------------------
>
>                 Key: PHOENIX-4188
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4188
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 4.12.0
>
>
> A security scan dinged Phoenix for an external entities attack on the XML 
> files that Pherf creates.
> We can easily work around it by disabling the inline doctype definition in 
> the XML parser we use.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (PHOENIX-4188) Disable DTD parsing on Pherf XML documents

Reply via email to