Hey All,
I've merged Peter's commit into upstream/master.
Thanks Benjamin.
----- Original Message -----
From: "Anil Saldhana" <asaldhan(a)redhat.com>
To: "Benjamin Bentmann" <bentmann(a)sonatype.com>
Cc: security-dev(a)lists.jboss.org
Sent: Friday, August 8, 2014 11:06:06 AM
Subject: Re: [security-dev] PicketLink 2.7 and XXE
Hi Benjamin - thanks a lot. We will ensure that the fix gets into trunk.
On Aug 8, 2014, at 8:30 AM, Benjamin Bentmann
<bentmann(a)sonatype.com> wrote:
Hi,
a couple days back [0], I noticed that PicketLink 2.7.0.Beta1 was
released but seems to miss changes to its DocumentUtil to disable entity
expansion as done for e.g. the 2.6.x branch.
I'm not sure whether my GitHub comment reached anybody so I figured I'd
make another attempt via this channel to ensure the potential issue
doesn't fall through the cracks.
Bye,
Benjamin
[0]
https://github.com/picketlink/picketlink/commit/e81bf14ea6dbbc1570b79f44f...
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev