Skip to content

fix: disable XML external entities in KML parser#1673

Merged
dkhawk merged 1 commit intomainfrom
fix/xxe-vulnerability
Apr 15, 2026
Merged

fix: disable XML external entities in KML parser#1673
dkhawk merged 1 commit intomainfrom
fix/xxe-vulnerability

Conversation

@kikoso
Copy link
Copy Markdown
Collaborator

@kikoso kikoso commented Apr 15, 2026

Disables XML External Entity (XXE) features in XmlPullParserFactory to prevent security vulnerabilities during KML parsing.

@googlemaps-bot
Copy link
Copy Markdown
Contributor

googlemaps-bot commented Apr 15, 2026

Code Coverage

Overall Project 40.09% -0.03% 🍏
Files changed 0%

File Coverage
KmlLayer.java 0% -3.21%

@dkhawk dkhawk merged commit 4516be3 into main Apr 15, 2026
8 checks passed
@dkhawk dkhawk deleted the fix/xxe-vulnerability branch April 15, 2026 17:26
@googlemaps-bot googlemaps-bot mentioned this pull request Apr 15, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dkhawk dkhawk dkhawk approved these changes

Assignees

@dkhawk dkhawk

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kikoso @googlemaps-bot @dkhawk