[
https://issues.apache.org/jira/browse/PHOENIX-4188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Josh Elser updated PHOENIX-4188:
--------------------------------
Attachment: PHOENIX-4188.002.patch
.002 naming convention on the data files for the new test cases conflicted with
what the existing tests were expecting which caused the new parser additions to
(correctly, actually) fail the existing tests :)
> Disable DTD parsing on Pherf XML documents
> ------------------------------------------
>
> Key: PHOENIX-4188
> URL: https://issues.apache.org/jira/browse/PHOENIX-4188
> Project: Phoenix
> Issue Type: Bug
> Reporter: Josh Elser
> Assignee: Josh Elser
> Fix For: 4.12.0
>
> Attachments: PHOENIX-4188.001.patch, PHOENIX-4188.002.patch
>
>
> A security scan dinged Phoenix for an external entities attack on the XML
> files that Pherf creates.
> We can easily work around it by disabling the inline doctype definition in
> the XML parser we use.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
