[security-dev] PicketLink 2.7 and XXE
asaldhan at redhat.com
Fri Aug 8 10:06:06 EDT 2014
Hi Benjamin - thanks a lot. We will ensure that the fix gets into trunk.
> On Aug 8, 2014, at 8:30 AM, Benjamin Bentmann <bentmann at sonatype.com> wrote:
> A couple days back, I noticed that PicketLink 2.7.0.Beta1 was
> released but seems to miss changes to its DocumentUtil to disable entity
> expansion as done for e.g. the 2.6.x branch.
> I'm not sure whether my GitHub comment reached anybody so I figured I'd
> make another attempt via this channel to ensure the potential issue
> doesn't fall through the cracks.