secure xml #1

Merged
merged 7 commits into from Nov 28, 2018

@viqueen viqueen commented Nov 21, 2018

I found out that this library is open to some XML vulnerabilities (XXE / SSRF).
This pull request ensures both the MethodBase and PostRequestPars types are relying on XML secure processing.

@douglm douglm left a comment

Great change - thank you. Could you drop the change to gitignore and reindent to 2 spaces?

I'm about to roll out a new release and I'd like this in there.

@@ -0,0 +1 @@
mvn_version=3.5.4
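
Review bot: `mvn_version=3.5.4` is added as a new one-line file with no comment saying which tool reads it, and it is unrelated to the secure XML processing this pull request is about. Move it to its own pull request, or add a line to the README naming the tool and why the Maven version is pinned.
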
Author

We use the following to manage Maven versions across developers: http://mvnvm.org/
Thought it might be useful here.

Member

Thanks - I'll take a look

@douglm douglm left a comment

This all looks good - thanks

@douglm douglm merged commit ccb87c2 into Bedework:master Nov 28, 2018