Just pinging in case our NSXMLDocument implementation is vulnerable to XML XXE.
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing libxml2 after 2.9 has this disabled by default. On iOS (and presumably OS X) one is safe only by specifying NSXMLNodeLoadExternalEntitiesNever. I can't check right now, but if GNUstep does behave the same way as OS X/iOS, anyone writing network services and using GNUstep's NSXMLDocument may want to check that they are safe.
_______________________________________________ Discuss-gnustep mailing list [email protected] https://lists.gnu.org/mailman/listinfo/discuss-gnustep
