Update branding for 3.1.6 #3126
Merged
ryalanms
merged 13 commits into
dotnet:release/3.1
from
ryalanms:release3.1-3.1.5-update
Jun 11, 2020
Conversation
…4de4-930c-a2dfacbe8d40 into internal/release/3.1
…Sequence` method which could lead to code execution [.Net Core 3.1] - Missing variant fix

[Bug 1092072](https://devdiv.visualstudio.com/DefaultCollection/DevDiv/_workitems/edit/1092072): MSRC 54120: XAMLReader.Load used by `GetFixedDocumentSequence` method which could lead to code execution [.Net Core 3.1] - Missing variant fix

## **Description**

Loose xaml can contain executable payload e.g. `ObjectDataProvider`. This XAML can be included as part of `XpsDocument`s in their `FixedDocumentSequence` or `FixedPage`. In WPF, we were allowing `XpsDocument`s to be loaded freely via `XamlReader.Load`. This exposes an attack vector - when a user downloads an XPS file from the internet for viewing, they could end up executing untrusted code.

The fix is to identify known dangerous `Type`s and limit them from being deserialized during XAML loading. In order to accomplish this, we previously added new non-public overloads to the `XamlReader.Load` method to enable the use of `RestrictiveXamlXmlReader`. `RestrictiveXamlXmlReader` restricts known dangerous `Type`s from being loaded while deserializing xaml. One of these dangerous `Type`s is `System.Windows.ResourceDictionary`, which is a valid `Type` in XML schema. To allow this valid `Type` we added another non-public overload to the `XamlReader.Load` method which takes an additional parameter, safeTypes, a list of `Type`s which can be loaded safely. We also added a new constructor to the `RestrictiveXamlXmlReader` which takes an additional parameter of safeTypes which are marked as safe to load for this instance of the `RestrictiveXamlXmlReader`.

### **Customer Impact**

Customers would be protected from opening potentially-compromised XPS documents.

### **Regression**

No. This security issue was reported by an external party.

### **Risk - Low**

- This change only affects loading XPS documents.
- The change has been tested well internally.
- We ran regression tests to ensure nothing else is inadvertently broken.
- Validated against POC to ensure that the fix works as intended.
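The commit message above describes a deny-list of XAML types with a per-call allow-list (`safeTypes`) that lets XPS content keep using `ResourceDictionary` while still refusing `ObjectDataProvider`. The following Python block is an added illustration of that filtering pattern, not code from the dotnet/wpf repository: `RestrictiveXamlXmlReader` and the `safeTypes` overload of `XamlReader.Load` are non-public WPF internals, so the names `UNSAFE_TYPES`, `XPS_SAFE_TYPES`, `check_xaml`, `load_xps_page` and the two sample pages are all constructed for the example. It checks element type names on the parsed tree before anything is instantiated, which is the property the fix relies on.

```python
"""Deny-list of XAML element types with an allow-list override.

Added illustration in Python of the mitigation described in the commit
message above; NOT WPF code. RestrictiveXamlXmlReader and the safeTypes
overload of XamlReader.Load are non-public WPF internals, so every name
in this file is constructed for the example.
"""
import textwrap
import xml.etree.ElementTree as ET

# Deny-list (constructed): types that must never be instantiated from
# untrusted XAML. The commit names ObjectDataProvider as an executable
# payload and ResourceDictionary as a restricted-but-legitimate type.
UNSAFE_TYPES = frozenset({"ObjectDataProvider", "ResourceDictionary"})

# Allow-list override for XPS FixedPage/FixedDocumentSequence content,
# mirroring the safeTypes parameter the commit message describes.
XPS_SAFE_TYPES = frozenset({"ResourceDictionary"})


class UnsafeXamlTypeError(ValueError):
    """Raised before any object is built when a denied type is present."""


def local_name(tag: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def collect_type_names(xaml_text: str) -> list[str]:
    """Return the sorted set of element (type) names used in the document."""
    root = ET.fromstring(xaml_text)
    return sorted({local_name(el.tag) for el in root.iter()})


def check_xaml(xaml_text: str, safe_types=frozenset()) -> list[str]:
    """Reject the document if it uses a denied type not in safe_types.

    The check runs over the parsed tree, i.e. before any deserialization
    into runtime objects, so a denied type is never constructed.
    """
    names = collect_type_names(xaml_text)
    blocked = [n for n in names if n in UNSAFE_TYPES and n not in safe_types]
    if blocked:
        raise UnsafeXamlTypeError(f"restricted XAML types present: {blocked}")
    return names


def is_blocked(xaml_text: str, safe_types=frozenset()) -> bool:
    """True if check_xaml would refuse the document under this allow-list."""
    try:
        check_xaml(xaml_text, safe_types)
    except UnsafeXamlTypeError:
        return True
    return False


def load_xps_page(xaml_text: str) -> str:
    """XPS page loader: ResourceDictionary allowed, ObjectDataProvider not."""
    check_xaml(xaml_text, XPS_SAFE_TYPES)
    return local_name(ET.fromstring(xaml_text).tag)


_NS = ('xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" '
       'xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"')

# Constructed sample: a benign FixedPage whose resources use a ResourceDictionary.
BENIGN_PAGE = textwrap.dedent(f"""\
    <FixedPage {_NS}>
      <FixedPage.Resources>
        <ResourceDictionary>
          <SolidColorBrush x:Key="Ink" Color="Black"/>
        </ResourceDictionary>
      </FixedPage.Resources>
      <TextBlock Text="hello"/>
    </FixedPage>
    """)

# Constructed sample: the same page shape carrying an ObjectDataProvider in
# its resources. Only the element name matters; the filter rejects by type.
PAYLOAD_PAGE = textwrap.dedent(f"""\
    <FixedPage {_NS}>
      <FixedPage.Resources>
        <ResourceDictionary>
          <ObjectDataProvider x:Key="p"/>
        </ResourceDictionary>
      </FixedPage.Resources>
    </FixedPage>
    """)

if __name__ == "__main__":
    print(load_xps_page(BENIGN_PAGE))                # FixedPage
    print(is_blocked(PAYLOAD_PAGE, XPS_SAFE_TYPES))  # True
```

The allow-list is scoped to one loader call rather than mutating the global deny-list, which is what keeps `ResourceDictionary` usable for XPS pages without re-opening it everywhere else `XamlReader.Load` is used. The filter here only inspects element names; the real reader works at the XAML node level and also covers type references that appear in attributes.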
…41ec-ae19-7278e25b4774 into internal/release/3.1
271a294 to
0d0602a
wtgodbe
approved these changes
Jun 11, 2020
fabiant3
approved these changes
Jun 11, 2020
Member, Author
Thanks for reviewing.
Update branding for 3.1.6
Includes the merge from internal/release/3.1 (847da8f) which resulted in no changes after resolving merge conflicts. No MSRCs were taken for this release, so that is expected.