[
https://issues.jboss.org/browse/TEIID-2911?page=com.atlassian.jira.plugin...
]
Steven Hawkins commented on TEIID-2911:
---------------------------------------
In looking at this a bit more, I believe the entity expansion is taking place in the
odata4j layer - not RESTEasy. As you dig through, the parser is created with
XMLInputFactory.newInstance(), which I believe we would need to get
javax.xml.stream.isSupportingExternalEntities=false passed to. The default is unspecified
so I'm not sure if woodstox supports that by default or if there is a system-wide way
to disable. I believe the same would hold true for Teiid's own usage of
XMLInputFactory.newInstance - it may be allowing SQL/XML to resolve external entities as
well.
Applications that expose RESTEasy XML endpoints
-----------------------------------------------
Key: TEIID-2911
URL: https://issues.jboss.org/browse/TEIID-2911
Project: Teiid
Issue Type: Bug
Components: OData
Affects Versions: 8.4.1, 8.7, 8.7.1
Reporter: Van Halbert
Assignee: Steven Hawkins
Priority: Critical
If applications expose RESTEasy XML endpoints, add the following snippet to their
web.xml file to disable entity expansion in RESTEasy:
<context-param>
    <param-name>resteasy.document.expand.entity.references</param-name>
    <param-value>false</param-value>
</context-param>
Note that this <context-param> setting has precedence over <init-param>, and
will override a contrary setting in an <init-param> element.
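Added example (not part of the original JIRA message, and not Teiid or odata4j code): one way to pass the property named in the comment to an XMLInputFactory and to check what the active StAX implementation reports for it. The class name, the extra SUPPORT_DTD setting and the sample document are assumptions made for illustration.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class HardenedStaxFactory {

    // Build a StAX factory that refuses external entities and DTD processing.
    static XMLInputFactory newHardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        // javax.xml.stream.isSupportingExternalEntities (the property from the comment)
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        // javax.xml.stream.supportDTD: extra hardening, an assumption of this example
        f.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        return f;
    }

    // Returns the concatenated character data; throws if the parser rejects the input.
    static String readText(XMLInputFactory f, String xml) throws XMLStreamException {
        StringBuilder text = new StringBuilder();
        XMLStreamReader r = f.createXMLStreamReader(new StringReader(xml));
        try {
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.CHARACTERS) {
                    text.append(r.getText());
                }
            }
        } finally {
            r.close();
        }
        return text.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: declares an external entity with a placeholder system id.
        String xml = "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE d [<!ENTITY ext SYSTEM \"file:///placeholder-not-a-real-path\">]>"
            + "<d>before-&ext;-after</d>";
        XMLInputFactory f = newHardenedFactory();
        // The implementation differs by classpath (JDK built-in, Woodstox, ...).
        System.out.println("implementation: " + f.getClass().getName());
        System.out.println("external entities: "
            + f.getProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES));
        try {
            System.out.println("parsed text: " + readText(f, xml));
        } catch (XMLStreamException e) {
            System.out.println("rejected by parser: " + e.getMessage());
        }
    }
}
```

Whether the entity reference is dropped or the document is rejected depends on the StAX implementation on the classpath, so run the check against the same implementation the deployment uses.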