[ https://issues.apache.org/jira/browse/PHOENIX-4188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16163655#comment-16163655 ]
Hudson commented on PHOENIX-4188:
---------------------------------
SUCCESS: Integrated in Jenkins build Phoenix-master #1790 (See [https://builds.apache.org/job/Phoenix-master/1790/])
PHOENIX-4188 Disable inline-DTDs in Pherf XML records (elserj: rev 4ee35057c6a63c347f959361338b517d4f5b38c4)
* (edit) phoenix-pherf/src/main/java/org/apache/phoenix/pherf/configuration/XMLConfigParser.java
* (edit) phoenix-pherf/src/main/java/org/apache/phoenix/pherf/result/impl/XMLResultHandler.java
* (add) phoenix-pherf/src/test/java/org/apache/phoenix/pherf/XMLConfigParserTest.java
* (edit) phoenix-pherf/pom.xml
* (add) phoenix-pherf/src/test/resources/malicious_results_with_dtd.xml
* (edit) phoenix-pherf/config/scenario/user_defined_scenario.xml
* (add) phoenix-pherf/src/test/java/org/apache/phoenix/pherf/result/impl/XMLResultHandlerTest.java
* (add) phoenix-pherf/src/test/resources/scenario/malicious_scenario_with_dtd.xml
* (edit) phoenix-pherf/src/test/java/org/apache/phoenix/pherf/ConfigurationParserTest.java

> Disable DTD parsing on Pherf XML documents
> ------------------------------------------
>
> Key: PHOENIX-4188
> URL: https://issues.apache.org/jira/browse/PHOENIX-4188
> Project: Phoenix
> Issue Type: Bug
> Reporter: Josh Elser
> Assignee: Josh Elser
> Fix For: 4.12.0
>
> Attachments: PHOENIX-4188.001.patch, PHOENIX-4188.002.patch
>
>
> A security scan dinged Phoenix for an external entities attack on the XML
> files that Pherf creates.
> We can easily work around it by disabling the inline doctype definition in
> the XML parser we use.
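The workaround described in the issue, as an added example; this is not the Phoenix patch, whose diff is not shown in this message. It assumes a JAXP DOM parser (`DocumentBuilderFactory`), which may differ from the parser API Pherf uses, and the class name and both sample documents are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

// Hypothetical class: rejects any XML document that carries a DOCTYPE.
public class DisallowDoctypeExample {
    // Constructed samples: one plain record, one with an inline DTD that
    // declares a harmless internal entity.
    static final String PLAIN = "<?xml version=\"1.0\"?><result>ok</result>";
    static final String WITH_DTD = "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE result [ <!ENTITY name \"expanded\"> ]>"
            + "<result>&name;</result>";

    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Any DOCTYPE declaration becomes a fatal parse error, so no entity
        // (internal or external) is ever declared or resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth: processing limits on, XInclude off.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    static String rootText(DocumentBuilderFactory f, String xml) throws Exception {
        byte[] bytes = xml.getBytes(StandardCharsets.UTF_8);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(bytes));
        return doc.getDocumentElement().getTextContent();
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory hardened = hardenedFactory();
        // A record without a DOCTYPE still parses normally.
        System.out.println("plain record: " + rootText(hardened, PLAIN));
        try {
            rootText(hardened, WITH_DTD);
            throw new AssertionError("document with DOCTYPE was accepted");
        } catch (SAXException e) {
            // The parser stops at the DOCTYPE, before reading any entity.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A regression test in the style of the `malicious_*_with_dtd.xml` resources listed above would feed such a document to the parser and assert that parsing fails.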