This repository has been archived by the owner on May 9, 2020. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
"Applied fix from trunk for revision: 1736434 "
------------------------------------------------------------------------
r1736434 | jleroux | 2016-03-24 13:12:11 +0100 (jeu. 24 mars 2016) | 7 lignes

Fixes "Update XStream lib to prevent XML External Entity (XXE) Processing" - https://issues.apache.org/jira/browse/OFBIZ-6959

The XStream team has released the 1.4.9 stable version in March 15, 2016
This version fixes the XML External Entity (XXE) Processing security issue https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing
Since OFBiz uses the DomDriver, with Java 6 at least in supported releases, OFBiz seems not really vulnerable https://x-stream.github.io/faq.html#Security_XXEVulnerability, but better to be safe than sorry, notably for not OOTB uses...
------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/branches/release12.04@1736438 13f79535-47bb-0310-9956-ffa450edef68