[
https://issues.apache.org/jira/browse/AMQ-9771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18021143#comment-18021143
]
ASF subversion and git services commented on AMQ-9771:
------------------------------------------------------
Commit 2f6cf7cc3270aed486e9f7f8bb166811ffdb7df0 in activemq's branch
refs/heads/activemq-6.1.x from Sérgio Lemos
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=2f6cf7cc32 ]
AMQ-9771: Enable security features when building XML Schema in
activemq-runtime-config. (#1498)
(cherry picked from commit 57b05b9e1bf40c61784dedbb1adf3e1b99faed93)
> Enable secure XML processing in activemq-runtime-config
> -------------------------------------------------------
>
> Key: AMQ-9771
> URL: https://issues.apache.org/jira/browse/AMQ-9771
> Project: ActiveMQ Classic
> Issue Type: Wish
> Components: Plugin
> Affects Versions: 5.x, 6.x
> Reporter: Sérgio Lemos
> Assignee: Jean-Baptiste Onofré
> Priority: Minor
> Fix For: 6.x
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> We can enable security features to prevent [XML External Entity Injection
> attacks |https://en.wikipedia.org/wiki/XML_external_entity_attack]in the
> Runtime Configuration Plugin, similarly to how we do in other parts of the
> code:
> https://github.com/search?q=repo%3Aapache%2Factivemq%20disallow-doctype-decl&type=code
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
