[jira] [Updated] (CALCITE-5274) prevent XXE possibilities in DiffRepository (calcite testkit)

Ruben Q L (Jira) Wed, 07 Sep 2022 13:38:07 -0700


     [ 
https://issues.apache.org/jira/browse/CALCITE-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ruben Q L updated CALCITE-5274:
-------------------------------
    Fix Version/s: 1.32.0

> prevent XXE possibilities in DiffRepository (calcite testkit)
> -------------------------------------------------------------
>
>                 Key: CALCITE-5274
>                 URL: https://issues.apache.org/jira/browse/CALCITE-5274
>             Project: Calcite
>          Issue Type: Improvement
>          Components: extensions
>            Reporter: PJ Fanning
>            Assignee: Ruben Q L
>            Priority: Major
>             Fix For: 1.32.0
>
>
> [https://github.com/apache/calcite/pull/2892#discussion_r964468020]
> DocumentBuilderFactory use in DiffRepository needs changes like those in 
> [https://github.com/apache/calcite/pull/2892|https://github.com/apache/calcite/pull/2892#discussion_r964468020]
> There is also an issue with `this.doc = 
> docBuilder.parse(refFile.openStream());` - the `refFile.openStream()` gives 
> an InputStream that should be closed - try with resources pattern would make 
> sense.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CALCITE-5274) prevent XXE possibilities in DiffRepository (calcite testkit)

Reply via email to