On 10/10/06, Nick Lothian <[EMAIL PROTECTED]> wrote:
> Hi, I'm a developer on the ROME RSS/Atom parser project (http://rome.dev.java.net/). We were recently notified of a possible security issue in our code (http://www.somebits.com/weblog/tech/bad/xmlCode.html), which we've fixed. I'm aware that FeedParser is a dormant project, but the attached patch will fix the same problem in the Apache-Commons project version.

FeedParser def isn't dormant.... http://code.tailrank.com/feedparser

I just haven't officially announced that I'm moving it out of Apache. Just been too busy with official work to be a good maintainer :-/

> I've also attached updated FeedParserImpl.java suitable for using with Kevin's TailRank version (http://tailrank.com/code.php) (Hi Kevin!)

Sweet.

> SAXBuilder.java is needed for both versions.
>
> There is also an example RSS file which triggers the bug. (You'll need some kind of monitoring tool to check for connections to example.com on port 80). Hopefully someone will find these useful.

Interesting...... I'll take a look. Thanks.

Kevin
--
Founder/CEO Tailrank.com
Location: San Francisco, CA
AIM/YIM: sfburtonator
Skype: burtonator
Blog: feedblog.org
Cell: 415-637-8078
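The bug the thread describes (a feed whose DTD declares an external entity, so that merely parsing it makes the parser open a connection to example.com) is the classic external-entity problem in SAX-based parsers. The following is an added illustration of the defensive configuration, not the patch Nick attached and not ROME or FeedParser code. It assumes JDOM 1.x (package `org.jdom`), whose `SAXBuilder` is what the thread's `SAXBuilder.java` wraps, and a Xerces-style parser that honours the standard SAX feature URIs. The feed string is constructed for the example; the `BlockingResolver` class and `hardenedBuilder` method are names chosen here. Instead of watching the network for a connection to example.com on port 80, the resolver intercepts and counts any resolution attempt, so the check runs offline.

```java
import java.io.IOException;
import java.io.StringReader;

import org.jdom.Document;
import org.jdom.JDOMException;
import org.jdom.input.SAXBuilder;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;

/**
 * Added example (not ROME/FeedParser code): parse an untrusted feed with
 * external entity expansion and external DTD loading switched off.
 */
public class SafeFeedParse {

    /** Resolver that never opens anything; it records attempts so a test can see them. */
    static final class BlockingResolver implements EntityResolver {
        int attempts = 0;

        public InputSource resolveEntity(String publicId, String systemId) {
            attempts++;
            // Hand the parser an empty document instead of fetching systemId.
            return new InputSource(new StringReader(""));
        }
    }

    /** Hypothetical helper: a non-validating SAXBuilder with the risky features disabled. */
    static SAXBuilder hardenedBuilder(EntityResolver resolver) {
        SAXBuilder builder = new SAXBuilder(); // non-validating by default
        // Leave entity references unexpanded in the JDOM tree.
        builder.setExpandEntities(false);
        // Standard SAX feature URIs: no external general or parameter entities.
        builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
        builder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        // Xerces-specific: do not fetch an external DTD even when one is referenced.
        builder.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        // Belt and braces: even if a feature is unsupported, nothing is ever fetched.
        builder.setEntityResolver(resolver);
        return builder;
    }

    // Constructed sample modelled on the feed the thread describes: a DOCTYPE declaring an
    // external entity with a SYSTEM id on example.com, referenced from the channel title.
    static final String FEED = "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE rss [ <!ENTITY ext SYSTEM \"http://example.com/\"> ]>\n"
        + "<rss version=\"2.0\"><channel><title>&ext;</title></channel></rss>\n";

    public static void main(String[] args) throws JDOMException, IOException {
        BlockingResolver resolver = new BlockingResolver();
        Document doc = hardenedBuilder(resolver).build(new StringReader(FEED));

        // With expansion off, the title holds an unexpanded EntityRef, so its text is empty.
        String title = doc.getRootElement().getChild("channel").getChildText("title");
        System.out.println("title text: '" + title + "'");
        // A hardened parser reports 0 attempts; a parser that ignored the features would still
        // reach the resolver, which returns an empty document, so no socket is opened either way.
        System.out.println("resolver calls: " + resolver.attempts);
    }
}
```

The two checks worth keeping in a regression test are that the feed parses without error (a hardened parser must not reject ordinary feeds that carry a DOCTYPE) and that `resolver.attempts` stays at zero; a non-zero count means the underlying SAX implementation did not honour one of the feature flags and the `EntityResolver` is the only thing standing between the parser and the network.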