[security-dev] PicketLink 2.7 and XXE
Pedro Igor Silva
psilva at redhat.com
Fri Aug 8 14:22:41 EDT 2014
Hey All,
I've merged Peter's commit into upstream/master.
Thanks Benjamin.
----- Original Message -----
From: "Anil Saldhana" <asaldhan at redhat.com>
To: "Benjamin Bentmann" <bentmann at sonatype.com>
Cc: security-dev at lists.jboss.org
Sent: Friday, August 8, 2014 11:06:06 AM
Subject: Re: [security-dev] PicketLink 2.7 and XXE
Hi Benjamin - thanks a lot. We will ensure that the fix gets into trunk.
> On Aug 8, 2014, at 8:30 AM, Benjamin Bentmann <bentmann at sonatype.com> wrote:
>
> Hi,
>
> a couple days back [0], I noticed that PicketLink 2.7.0.Beta1 was
> released but seems to miss changes to its DocumentUtil to disable entity
> expansion as done for e.g. the 2.6.x branch.
>
> I'm not sure whether my Github comment reached anybody so I figured I
> make another attempt via this channel to ensure the potential issue
> doesn't fall through the cracks.
>
> Bye,
>
>
> Benjamin
>
>
> [0]
> https://github.com/picketlink/picketlink/commit/e81bf14ea6dbbc1570b79f44f1179ae61a353040#commitcomment-7238470
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
_______________________________________________
security-dev mailing list
security-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev
More information about the security-dev
mailing list