[hibernate-issues] [JIRA] (HHH-13960) Add SAXReader sec features to match the defaults
Panagiotis Sotiropoulos (JIRA)
jira at hibernate.atlassian.net
Mon Apr 20 17:14:40 EDT 2020
Panagiotis Sotiropoulos ( https://hibernate.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Aa4ef16bb-9b7f-41b1-944f-78e2fbf3c82f ) *commented* on HHH-13960 ( https://hibernate.atlassian.net/browse/HHH-13960?atlOrigin=eyJpIjoiZjI4ZWZiNjAwNzVmNDRhNWFlZjhhMGRlNGZlZjc5MjgiLCJwIjoiaiJ9 )
Re: Add SAXReader sec features to match the defaults ( https://hibernate.atlassian.net/browse/HHH-13960?atlOrigin=eyJpIjoiZjI4ZWZiNjAwNzVmNDRhNWFlZjhhMGRlNGZlZjc5MjgiLCJwIjoiaiJ9 )
The default SAXReader in the new dom4j version, has these security defaults.
I think it would be a good idea, not to use fewer security SAXReader features than the default one.
Maybe additional features are needed.
( https://hibernate.atlassian.net/browse/HHH-13960#add-comment?atlOrigin=eyJpIjoiZjI4ZWZiNjAwNzVmNDRhNWFlZjhhMGRlNGZlZjc5MjgiLCJwIjoiaiJ9 ) Add Comment ( https://hibernate.atlassian.net/browse/HHH-13960#add-comment?atlOrigin=eyJpIjoiZjI4ZWZiNjAwNzVmNDRhNWFlZjhhMGRlNGZlZjc5MjgiLCJwIjoiaiJ9 )
Get Jira notifications on your phone! Download the Jira Cloud app for Android ( https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail ) or iOS ( https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100125- sha1:af682b6 )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/hibernate-issues/attachments/20200420/0f0cef20/attachment.html
More information about the hibernate-issues
mailing list