bhaveshamre opened a new pull request, #852: URL: https://github.com/apache/ranger/pull/852
## What changes were proposed in this pull request?

This pull request fixes a critical XML External Entity (XXE) injection vulnerability reported by Fortify.

Configures the TransformerFactory using the supported JAXP mechanism (setAttribute() with ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_STYLESHEET) to restrict external entity access during XML transformation. This maintains the intended XXE protection while ensuring compatibility across JDK versions and different TransformerFactory implementations.

## How was this patch tested?

Confirmed no TransformerConfigurationException is thrown during plugin setup. Confirmed plugin properties are added while preserving existing configuration. Verified successful using: mvn clean compile package install.
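
The JAXP restriction described in the pull request, as an added example that is not the pull request's or Ranger's own code: it runs the same document through a default and a restricted TransformerFactory so the effect of ACCESS_EXTERNAL_DTD is visible. The class name, the method names, the fail-closed handling of IllegalArgumentException and the temporary DTD file are assumptions made for this sketch.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class HardenedTransformerDemo {
    /** Returns a factory that may not fetch external DTDs or stylesheets. */
    static TransformerFactory newHardenedFactory() {
        TransformerFactory factory = TransformerFactory.newInstance();
        try {
            // An empty string means no protocol is permitted for that kind of resource.
            factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        } catch (IllegalArgumentException e) {
            // Assumption of this sketch: fail closed when the implementation on the
            // classpath does not recognise the JAXP 1.5 attributes.
            throw new IllegalStateException("cannot restrict " + factory.getClass().getName(), e);
        }
        return factory;
    }

    /** Identity-transforms the XML text; reports the copy or the refusal. */
    static String copy(TransformerFactory factory, String xml) {
        try {
            StringWriter out = new StringWriter();
            factory.newTransformer().transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
            return "copied: " + out;
        } catch (TransformerException e) {
            return "refused: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a harmless external DTD in a temp file that defines one text entity.
        Path dtd = Files.createTempFile("constructed", ".dtd");
        Files.write(dtd, "<!ENTITY marker \"text-from-external-dtd\">".getBytes("UTF-8"));
        String xml = "<!DOCTYPE config SYSTEM \"" + dtd.toUri() + "\">"
                + "<config><property>&marker;</property></config>";

        System.out.println("default factory:  " + copy(TransformerFactory.newInstance(), xml));
        System.out.println("hardened factory: " + copy(newHardenedFactory(), xml));
        Files.delete(dtd);
    }
}
```

If the hardened line shows the entity text copied rather than a refusal, the TransformerFactory implementation in use is not enforcing the attribute and the parser feeding it needs its own restriction.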
