Hi Scott,

Do you know what the Java settings are that would make it vulnerable to this attack?

Colm.

On Thu, Mar 8, 2018 at 2:40 PM, Cantor, Scott <[email protected]> wrote:

> > This attack does not appear to apply to the Java DOM implementation, as the
> > entire node value is parsed - and not just the bit up to the comment.
>
> That's not universally true, it's a function of the parser settings used.
> Java parsing can be vulnerable or not, it's outside the scope of Santuario
> unless Santuario explicitly configures a parser. I didn't think it did, but
> I didn't look.
>
> -- Scott

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
