Skip to content
Browse files
Fix security issue XXE
Fix security issue
  • Loading branch information
benoitx committed Oct 25, 2021
1 parent d3085a9 commit 5ebef77d7ad3cde11fca97015a0d9a44d7f17e68
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
@@ -43,6 +43,7 @@
import java.util.Map.Entry;
import java.util.Set;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
@@ -98,6 +99,7 @@ public static Map<String, Object> parse(final Reader xmlStreamReader, final Pars
final Map<String, Object> mdIndex = new LinkedHashMap<>(); // retain the same order

final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
final DocumentBuilder builder = factory.newDocumentBuilder();
builder.setEntityResolver(new ResolveLocalDTD());
final org.w3c.dom.Document document = builder.parse(new InputSource(xmlStreamReader));
@@ -6,6 +6,9 @@
<release version="4.0.16" date="2021-11-01" description="Maintenance">
<action dev="benoitx" type="fix" due-to="srikanthprathi">Fixed Security issue for XXE.</action>
<release version="4.0.15" date="2021-09-17" description="Maintenance">
<action dev="benoitx" type="fix">Fixed when new line of a multi line starts with "".</action>

0 comments on commit 5ebef77

Please sign in to comment.