Fix security issue XXE
Fix security issue
benoitx committed Oct 25, 2021
1 parent d3085a9 commit 5ebef77
Showing 2 changed files with 5 additions and 0 deletions.
2 changes: 2 additions & 0 deletions flatpack/src/main/java/net/sf/flatpack/xml/MapParser.java
Expand Up @@ -43,6 +43,7 @@
import java.util.Map.Entry;
import java.util.Set;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
Expand Down Expand Up @@ -98,6 +99,7 @@ public static Map<String, Object> parse(final Reader xmlStreamReader, final Pars
final Map<String, Object> mdIndex = new LinkedHashMap<>(); // retain the same order

final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
final DocumentBuilder builder = factory.newDocumentBuilder();
builder.setEntityResolver(new ResolveLocalDTD());
final org.w3c.dom.Document document = builder.parse(new InputSource(xmlStreamReader));
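Review bot: `FEATURE_SECURE_PROCESSING` is the only XXE hardening applied to the factory in `parse`, and what it restricts depends on the JAXP implementation: the JDK's built-in parser tightens external access when the flag is set explicitly, but a different implementation on the classpath (a standalone Xerces, for example) may still resolve external entities. Because the builder still needs DOCTYPE support for `ResolveLocalDTD`, I would also switch external general entities off explicitly right after that line, `factory.setFeature("http://xml.org/sax/features/external-general-entities", false);` together with `factory.setExpandEntityReferences(false);`. The matching `external-parameter-entities` feature also governs the external DTD subset, so it should only be disabled after checking that the local DTD lookup still works. `ResolveLocalDTD` is not shown on this page, so it is worth confirming that it never falls back to default resolution for system ids it does not recognise; the body of `parse` continues outside the hunk.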
3 changes: 3 additions & 0 deletions src/changes/changes.xml
Expand Up @@ -6,6 +6,9 @@
<title>Changes</title>
</properties>
<body>
<release version="4.0.16" date="2021-11-01" description="Maintenance">
<action dev="benoitx" type="fix" due-to="srikanthprathi">Fixed Security issue for XXE.</action>
</release>
<release version="4.0.15" date="2021-09-17" description="Maintenance">
<action dev="benoitx" type="fix">Fixed when new line of a multi line starts with "".</action>
</release>
