Hi,
I'd like to get confirmation that we can backport Davide's patches to
control xml
entity expansion on the stable series
(e.g., https://github.com/geotools/geotools/pull/164)
The entity expansion thing introduces a couple of small API changes in terms
of extra methods in implementation classes (no interfaces) which makes it
backwards
compatible.
If you want to read more about this kind of attacks, see here:
http://clawslab.nds.rub.de/wiki/index.php/XML_C14N_Entity_Expansion
Cheers
Andrea
--
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
GeoTools-Devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geotools-devel
