Fix xxe injection vulnerability #3808
Fix xxe injection vulnerability
|
Can one of the admins verify this patch? |
|
The new PR uses constants. @mariofusco |
|
@mariofusco Hello, can you create a Security Advisory? I want to try to apply for a CVE, thank you. Reference: https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories |
|
ok to test |
|
Kudos, SonarCloud Quality Gate passed! |
|
@mariofusco @tarilabs @mareknovotny Hello, can you create a Security Advisory? I want to request a CVE identification number, thank you. Reference: |
This reverts commit 42e2964.
|
@haby0 could you please report it (what the vulnerability is) to the email address secalert@redhat.com or directly to me (mnovotny at redhat.com)? |
* make Drools uber-jar friendly * Update doc-content/drools-docs/src/main/asciidoc/ReleaseNotes/ReleaseNotesDrools.7.58.0.Final/uberjar-friendly-kie-conf.adoc Co-authored-by: Heena Manwani <59050394+hmanwani-rh@users.noreply.github.com> * wip * wip Co-authored-by: Heena Manwani <59050394+hmanwani-rh@users.noreply.github.com>

The Validator class is not used correctly, resulting in an XXE injection vulnerability.
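
An added example, not the project's code or the patch from this PR: assuming the class in question is `javax.xml.validation.Validator` and the "constants" are those of `javax.xml.XMLConstants` (the page shows neither), it contrasts a default validator with one whose external DTD and schema access is disabled. The class name, schema and documents are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.xml.sax.SAXException;

public class HardenedValidatorExample {
    // Constructed schema and input documents (not taken from the project).
    static final String XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
      + "<xs:element name='note' type='xs:string'/></xs:schema>";
    static final String PLAIN = "<note>hello</note>";
    static final String WITH_EXTERNAL_DTD =
        "<!DOCTYPE note SYSTEM 'file:///placeholder/constructed.dtd'><note>hello</note>";

    static Validator newValidator(boolean hardened) throws SAXException {
        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        if (hardened) {
            // An empty protocol list means no external DTD or schema may be fetched
            // while the schema itself is being compiled.
            factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        }
        Validator validator =
            factory.newSchema(new StreamSource(new StringReader(XSD))).newValidator();
        if (hardened) {
            // The same restriction has to be set on the Validator, which parses
            // the (possibly untrusted) instance document.
            validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        }
        return validator;
    }

    // Returns "accepted" or the reason the document was refused.
    static String check(Validator validator, String xml) {
        try {
            validator.validate(new StreamSource(new StringReader(xml)));
            return "accepted";
        } catch (Exception e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws SAXException {
        System.out.println("hardened, plain doc:    " + check(newValidator(true), PLAIN));
        System.out.println("hardened, external DTD: " + check(newValidator(true), WITH_EXTERNAL_DTD));
        System.out.println("default,  external DTD: " + check(newValidator(false), WITH_EXTERNAL_DTD));
    }
}
```

The rejection messages differ: the hardened validator refuses the DTD because of the access restriction, while the default one fails only because the placeholder file does not exist, which shows it was permitted to resolve the external reference.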