[security-dev] PicketLink 2.7 and XXE
Anil Saldhana
asaldhan at redhat.com
Fri Aug 8 10:06:06 EDT 2014
Hi Benjamin - thanks a lot. We will ensure that the fix gets into trunk.
> On Aug 8, 2014, at 8:30 AM, Benjamin Bentmann <bentmann at sonatype.com> wrote:
>
> Hi,
>
> a couple days back [0], I noticed that PicketLink 2.7.0.Beta1 was
> released but seems to miss changes to its DocumentUtil to disable entity
> expansion as done for e.g. the 2.6.x branch.
>
> I'm not sure whether my Github comment reached anybody so I figured I
> make another attempt via this channel to ensure the potential issue
> doesn't fall through the cracks.
>
> Bye,
>
>
> Benjamin
>
>
> [0]
> https://github.com/picketlink/picketlink/commit/e81bf14ea6dbbc1570b79f44f1179ae61a353040#commitcomment-7238470
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
More information about the security-dev
mailing list