[
https://issues.apache.org/jira/browse/XERCESC-2254?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Scott Cantor resolved XERCESC-2254.
-----------------------------------
Resolution: Fixed
Appled fix to 3.3 branch in commit 259f17bcaedddccf0b9bccc165ac4b291f4eb4bf
> Some NetAccessors attempt to resolve relative URLs
> --------------------------------------------------
>
> Key: XERCESC-2254
> URL: https://issues.apache.org/jira/browse/XERCESC-2254
> Project: Xerces-C++
> Issue Type: Bug
> Components: NetAccessors
> Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.1.3,
> 3.1.4, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5
> Reporter: Scott Cantor
> Assignee: Scott Cantor
> Priority: Major
> Fix For: 3.3.0
>
>
> It was noted that the NetAccessors don't have any guard against being handed
> a relative URL, which is not a sensible thing for them to be trying to
> resolve. Further, at least one of the implemented NetAccessors can do
> protocol inference for scheme-less URLs, making them unsafe to use.
> All applications should have an entity/resource resolver guarding URLs
> anyway, but we should harden the code to just prevent it from happening by
> the supplied implementations.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org
