Hi there, I'm looking for some clarification on this vulnerability. Based on the description provided it's unclear under what circumstances this vulnerability exists. For example, what is meant with "a malicious implementation" - an implementation of what? What exactly are the implied "potential security flaws"?
Could you clarify the precise impact for the community? At the moment I'm not certain whether this description implies an arbitrary XML External Entity attack in nearly all usage conditions, or whether this requires very specific conditions to be present in the use of Santuario. Thank you for developing this library - I hope you can help. -- Sent from: http://apache-xml-project.6118.n7.nabble.com/Apache-XML-Security-Dev-f33675.html
