[ https://issues.apache.org/jira/browse/BATIK-1338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Simon Steiner updated BATIK-1338: --------------------------------- Description: We should block loading jars by default to avoid running untrusted code: <script type="application/java-archive" xlink:href="file.jar"/> CVE-2022-41704 was: We should block loading jars by default to avoid running untrusted code: <script type="application/java-archive" xlink:href="file.jar"/> > Block loading jar inside svg > ---------------------------- > > Key: BATIK-1338 > URL: https://issues.apache.org/jira/browse/BATIK-1338 > Project: Batik > Issue Type: Bug > Reporter: Simon Steiner > Assignee: Simon Steiner > Priority: Major > Fix For: trunk > > > We should block loading jars by default to avoid running untrusted code: > <script type="application/java-archive" xlink:href="file.jar"/> > CVE-2022-41704 -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: batik-dev-unsubscr...@xmlgraphics.apache.org For additional commands, e-mail: batik-dev-h...@xmlgraphics.apache.org