cgivre opened a new pull request, #2845: URL: https://github.com/apache/drill/pull/2845
# [DRILL-8461](https://issues.apache.org/jira/browse/DRILL-8461): Prevent XXE Attacks in XML Format Plugin ## Description Drill's XML reader would allow a maliciously crafted XML file to perform an XML eXternal Entity injection (XXE) attack. This fix disables DTD parsing in the XML format plugin and prevents XXE attacks. ## Documentation No user facing changes. ## Testing Added unit test and tested manually. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@drill.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
