Build: #179 was successful
Job: Default Job was successful
Code commits
Smack (4.4)
-
Florian Schmaus <flo@geekplace.eu> 28dd56a13acd8c04f806b640ba2eb294c511bd82
Merge pull request #438 from Flowdalic/stax-disable-xxe-and-dtd
[xmlparser-stax] Disable external entities and DTD -
Florian Schmaus <flo@geekplace.eu> c1b412c4579f4c9b1a12a49bc0d07d1d8ad7adea
[xmlparser-stax] Disable external entities and DTD
Before that, the StAX parser used by Smack for XML parsing had
only external entity replacement disabled. We further harden the
parser by disabling DTDs.
See also:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlinputfactory-a-stax-parser