[security-dev] PicketLink 2.7 and XXE
Benjamin Bentmann
bentmann at sonatype.com
Fri Aug 8 09:30:41 EDT 2014
Hi,
a couple days back [0], I noticed that PicketLink 2.7.0.Beta1 was
released but seems to miss changes to its DocumentUtil to disable entity
expansion as done for e.g. the 2.6.x branch.
I'm not sure whether my Github comment reached anybody so I figured I
make another attempt via this channel to ensure the potential issue
doesn't fall through the cracks.
Bye,
Benjamin
[0]
https://github.com/picketlink/picketlink/commit/e81bf14ea6dbbc1570b79f44f1179ae61a353040#commitcomment-7238470
More information about the security-dev
mailing list