Skip to content
Browse files

fix for security

  • Loading branch information
evernat committed Sep 4, 2018
1 parent 00dd8d5 commit ef111822562d0b9365bd3e671a75b65bd0613353
@@ -235,6 +235,8 @@ private static String parseSoapMethodName(InputStream stream, String charEncodin
try {
// newInstance() et pas newFactory() pour java 1.5 (issue 367)
final XMLInputFactory factory = XMLInputFactory.newInstance();
factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); // disable DTDs entirely for that factory
factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); // disable external entities
final XMLStreamReader xmlReader;
if (charEncoding != null) {
xmlReader = factory.createXMLStreamReader(stream, charEncoding);

1 comment on commit ef11182


This comment has been minimized.

Copy link

@abergmann abergmann commented on ef11182 Oct 12, 2018

CVE-2018-15531 was assigned to this issue.

Please sign in to comment.
You can’t perform that action at this time.