[ https://issues.apache.org/jira/browse/DRILL-8461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17783079#comment-17783079 ]
ASF GitHub Bot commented on DRILL-8461:
---------------------------------------

cgivre merged PR #2845:
URL: https://github.com/apache/drill/pull/2845

> Prevent XXE Attacks in XML Format Plugin
> ----------------------------------------
>
>                 Key: DRILL-8461
>                 URL: https://issues.apache.org/jira/browse/DRILL-8461
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Format - XML
>    Affects Versions: 1.21.1
>            Reporter: Charles Givre
>            Assignee: Charles Givre
>            Priority: Critical
>             Fix For: 1.22.0
>
>
> Drill's XML reader would allow a maliciously crafted XML file to perform an
> _XML eXternal Entity injection_ (XXE) attack. This fix disables DTD parsing
> in the XML format plugin and prevents XXE attacks.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
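
The hardening the issue describes (disabling DTD parsing), as an added example that is not Drill's own code or part of the original message. It assumes a StAX (`javax.xml.stream`) parser; the class name, helper and sample document are constructed for illustration.

```java
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example, not Drill's code; assumes a StAX (javax.xml.stream) parser.
public class XxeHardeningDemo {
  // Collects all character data; returns a marker string if the parser rejects the input.
  static String readText(XMLInputFactory factory, String xml) {
    StringBuilder text = new StringBuilder();
    try {
      XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(xml));
      while (reader.hasNext()) {
        if (reader.next() == XMLStreamConstants.CHARACTERS) {
          text.append(reader.getText());
        }
      }
      reader.close();
    } catch (XMLStreamException e) {
      return "[rejected: " + e.getMessage() + "]";
    }
    return text.toString();
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample: a harmless temp file stands in for a sensitive local file.
    Path secret = Files.createTempFile("xxe-demo", ".txt");
    Files.writeString(secret, "LOCAL-FILE-CONTENT");
    String xml = "<?xml version=\"1.0\"?>"
        + "<!DOCTYPE row [<!ENTITY ext SYSTEM \"" + secret.toUri() + "\">]>"
        + "<row><field>&ext;</field></row>";

    // Before: DTD processing and external entities explicitly enabled.
    XMLInputFactory permissive = XMLInputFactory.newInstance();
    permissive.setProperty(XMLInputFactory.SUPPORT_DTD, true);
    permissive.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, true);
    System.out.println("permissive: " + readText(permissive, xml));

    // After: DTD processing and external entities disabled.
    XMLInputFactory hardened = XMLInputFactory.newInstance();
    hardened.setProperty(XMLInputFactory.SUPPORT_DTD, false);
    hardened.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    System.out.println("hardened:   " + readText(hardened, xml));
    Files.delete(secret);
  }
}
```

How the hardened factory reacts depends on the StAX implementation: it may reject the document or leave the reference unexpanded. The check that matters is that `LOCAL-FILE-CONTENT` never appears in the hardened output.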