Commit
* The most significant change is the addition of a new line of code to the `RunCheck()` function in the `CCheckXmlMetadataXsdValidation` class. This change is aimed at enhancing the security of the application by preventing XML External Entity (XXE) attacks.

  Changes:

  1. A new line of code `dom_parser.setDisableDefaultEntityResolution(true);` has been added to the `RunCheck()` function in the `CCheckXmlMetadataXsdValidation` class within the `checkerXmlMetadataXsdValidation.cpp` file. This line disables the default entity resolution of the `dom_parser` object, making the application less vulnerable to XXE attacks. This change is in line with the recommendations of the Open Web Application Security Project (OWASP) to prevent potential security threats such as disclosure of internal files, denial of service, server side request forgery, port scanning, and other system impacts. (Reference: `checkerXmlMetadataXsdValidation.cpp`)

* bump version
* fix version