[jbossws-issues] [JBoss JIRA] Reopened: (JBWS-1582) Externalize parser properties
Richard Opalka (JIRA)
jira-events at lists.jboss.org
Fri Apr 24 10:20:58 EDT 2009
[ https://jira.jboss.org/jira/browse/JBWS-1582?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Opalka reopened JBWS-1582:
----------------------------------
> Externalize parser properties
> -----------------------------
>
> Key: JBWS-1582
> URL: https://jira.jboss.org/jira/browse/JBWS-1582
> Project: JBoss Web Services
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: jbossws-native
> Affects Versions: jbossws-native-3.1.1
> Reporter: Thomas Diesler
> Assignee: Richard Opalka
> Fix For: jbossws-native-3.1.2
>
>
> A question has come up around the DTD entity parsing denial of service issue raised here:
> http://www-128.ibm.com/developerworks/xml/library/x-tipcfsx.html
> http://java.sun.com/j2se/1.5.0/docs/guide/xml/jaxp/JAXP-Compatibility_150.html#JAXP_security
> Are we allowing for the use of the parser.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true) to limit the defaults?
> What about disabling doctypes via the http://apache.org/xml/features/disallow-doctype-decl feature:
> http://xerces.apache.org/xerces2-j/features.html
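The two parser settings the issue asks about, shown on a plain JAXP DocumentBuilderFactory. This is an added example, not code from jbossws-native; the class name, helper names and sample documents are constructed for illustration, and it assumes a Xerces-based parser (such as the JDK's built-in one) that recognizes the disallow-doctype-decl feature.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

public class HardenedParserDemo {
    // Xerces feature named in the issue: a DOCTYPE declaration becomes a fatal error.
    static final String DISALLOW_DOCTYPE =
            "http://apache.org/xml/features/disallow-doctype-decl";

    // Hypothetical helper: builds a parser with secure processing always on and
    // DOCTYPE rejection switchable, so the effect of each setting can be compared.
    static DocumentBuilder newBuilder(boolean disallowDoctype)
            throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Applies the implementation's processing limits (e.g. entity expansion).
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // setFeature throws ParserConfigurationException if the parser does not
        // know the feature, so an unsupported parser fails here instead of
        // silently running unhardened.
        f.setFeature(DISALLOW_DOCTYPE, disallowDoctype);
        return f.newDocumentBuilder();
    }

    static String tryParse(DocumentBuilder b, String xml) {
        try {
            b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return "accepted";
        } catch (SAXException | IOException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a SOAP-style message without a DTD, and a
        // document carrying a small, harmless internal DTD.
        String plain = "<e:Envelope xmlns:e='http://schemas.xmlsoap.org/soap/envelope/'>"
                + "<e:Body/></e:Envelope>";
        String withDtd = "<!DOCTYPE r [<!ENTITY a 'x'>]><r>&a;</r>";
        for (boolean disallow : new boolean[] {false, true}) {
            DocumentBuilder b = newBuilder(disallow);
            System.out.println("disallow-doctype-decl=" + disallow);
            System.out.println("  no DTD  : " + tryParse(b, plain));
            System.out.println("  with DTD: " + tryParse(b, withDtd));
        }
    }
}
```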