[ https://issues.apache.org/jira/browse/PHOENIX-4188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16163090#comment-16163090 ]
Josh Elser commented on PHOENIX-4188:
-------------------------------------

Any feedback, [~mujtabachohan]? ;) I think it's ready to go in.

> Disable DTD parsing on Pherf XML documents
> ------------------------------------------
>
>                 Key: PHOENIX-4188
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4188
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 4.12.0
>
>         Attachments: PHOENIX-4188.001.patch, PHOENIX-4188.002.patch
>
>
> A security scan dinged Phoenix for an external entities attack on the XML
> files that Pherf creates.
> We can easily work around it by disabling the inline doctype definition in
> the XML parser we use.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
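
The workaround named in the issue description, as an added example that is not part of the original message or of the PHOENIX-4188 patches: a JAXP `DocumentBuilderFactory` configured to reject any document that carries a DOCTYPE declaration. The class name, element names and sample documents are constructed for illustration; Pherf's own parser setup is not shown on this page.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class NoDoctypeParser {
    // Build a parser that refuses any document containing a DOCTYPE,
    // which removes inline DTDs and with them external entity resolution.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Xerces / JDK built-in parser feature: a DOCTYPE becomes a fatal error.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case the feature above is ever relaxed.
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    static Document parse(String xml) throws Exception {
        return hardenedBuilder().parse(
            new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; element names are hypothetical.
        String plain = "<scenario name=\"demo\"><rows>10</rows></scenario>";
        // Same document with an inline DTD declaring a harmless internal entity.
        String withDtd = "<!DOCTYPE scenario [<!ENTITY e \"x\">]>"
                       + "<scenario name=\"demo\"><rows>&e;</rows></scenario>";

        Document doc = parse(plain);
        System.out.println("accepted: " + doc.getDocumentElement().getAttribute("name"));

        try {
            parse(withDtd);
            System.out.println("accepted document with DOCTYPE (parser is not hardened)");
        } catch (SAXException e) {
            // Expected path: the parser stops at the DOCTYPE declaration.
            System.out.println("rejected document with DOCTYPE: " + e.getMessage());
        }
    }
}
```

If the parser implementation on the classpath does not recognise the feature URI, `setFeature` throws `ParserConfigurationException`, so a misconfigured build fails closed instead of silently parsing DTDs.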