secure xml #1

Merged
merged 7 commits into from Nov 28, 2018

@viqueen

commented Nov 21, 2018

I found out that this library is open to some XML vulnerabilities (XXE / SSRF).
This pull request ensures both the MethodBase and PostRequestPars types rely on XML secure processing.
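
What "XML secure processing" usually amounts to for a JAXP `DocumentBuilderFactory`, as an added example that is not the code from this pull request or from the library. The class name `SecureXmlExample`, its helper names and both sample documents are constructed for illustration, and the JDK's built-in parser is assumed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

// Hypothetical class for illustration; not part of the library.
public class SecureXmlExample {
  /** Builds a factory that refuses DTDs and never fetches external resources. */
  static DocumentBuilderFactory secureFactory() throws ParserConfigurationException {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    // Rejecting every DOCTYPE removes entity declarations, the root of XXE.
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    // Defence in depth in case DOCTYPE handling is ever re-enabled.
    dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
    dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
    dbf.setXIncludeAware(false);
    dbf.setExpandEntityReferences(false);
    // JAXP 1.5 properties (JDK built-in parser assumed): allow no protocols,
    // so the parser cannot be steered into outbound requests (SSRF).
    dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
    dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
    return dbf;
  }

  /** Returns the root element name, or "REJECTED" if the parser refuses the input. */
  static String parseRoot(String xml) throws Exception {
    try {
      return secureFactory().newDocumentBuilder()
          .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
          .getDocumentElement().getLocalName();
    } catch (SAXException e) {
      return "REJECTED";
    }
  }

  public static void main(String[] args) throws Exception {
    // Constructed inputs: a plain request body, and one declaring an external entity.
    String plain = "<request xmlns=\"urn:example\"><item/></request>";
    String withDtd = "<!DOCTYPE r [<!ENTITY x SYSTEM \"http://internal.invalid/\">]>"
        + "<r>&x;</r>";
    System.out.println("plain document:   " + parseRoot(plain));
    System.out.println("DOCTYPE document: " + parseRoot(withDtd));
  }
}
```

A regression test that feeds a DOCTYPE-bearing document to every parsing entry point and expects rejection keeps the hardening from being silently undone by a later refactor.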

@douglm
Member

left a comment

Great change - thank you. Could you drop the change to gitignore and reindent to 2 spaces?

I'm about to roll out a new release and I'd like this in there.

@@ -0,0 +1 @@
mvn_version=3.5.4
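
Review bot: mvn_version=3.5.4 lands as a new one-line file with nothing that says what reads it; add a line to the README or the commit message naming the tool that consumes it, so the pin is not mistaken for a stray file. It is also unrelated to the XML hardening this pull request is about, so it would sit better in its own commit.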

@viqueen

viqueen Nov 28, 2018

Author

We use the following to manage Maven versions across developers: http://mvnvm.org/
Thought it might be useful here.

@douglm

douglm Nov 28, 2018

Member

Thanks - I'll take a look

@douglm

douglm approved these changes Nov 28, 2018

Member

left a comment

This all looks good - thanks

@douglm douglm merged commit ccb87c2 into Bedework:master Nov 28, 2018
