[teiid-issues] [JBoss JIRA] (TEIID-2927) Guard against external entity resolving in OData Atom Feed

Steven Hawkins (JIRA) issues at jboss.org
Tue Apr 22 13:14:33 EDT 2014


     [ https://issues.jboss.org/browse/TEIID-2927?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steven Hawkins updated TEIID-2927:
----------------------------------

    Assignee: Van Halbert


Assigning to Van to work with productization on an OData4j patch.
                
> Guard against external entity resolving in OData Atom Feed
> ----------------------------------------------------------
>
>                 Key: TEIID-2927
>                 URL: https://issues.jboss.org/browse/TEIID-2927
>             Project: Teiid
>          Issue Type: Bug
>          Components: OData, Query Engine
>    Affects Versions: 7.7, 8.4
>            Reporter: Van Halbert
>            Assignee: Van Halbert
>            Priority: Critical
>             Fix For: 8.7.1
>
>
> OData4j is responsible for parsing the Atom feed.  StaxXMLFactoryProvider2 simply creates XMLInputFactories without any options, thus they will perform external entity resolving by default.  An issue will need to be opened against OData4j.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira


More information about the teiid-issues mailing list