SECURITY-2832

Made changes for XXE vulnerability security issue
jenkinsci · Aug 25, 2022 · a92f1fb · a92f1fb
1 parent 92fad2c
commit a92f1fb
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/main/java/com/compuware/jenkins/common/utils/CLIVersionUtils.java b/src/main/java/com/compuware/jenkins/common/utils/CLIVersionUtils.java
@@ -189,6 +189,8 @@ private static String parseXml(InputStream versionfile) throws IOException
 		try
 		{
 		    DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+		    dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); 
+		    dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
 		    DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
 		    Document document = dBuilder.parse(versionfile);