With a couple of hints now available to control the SAX parser (disabling DTD or supplying an entity resolver), I have struggled to hook this up to gt-wms.
Note that turning off DTD will sacrifice full WMS 1.1.1 compatibility, as that spec can use a DTD. Options for hints include passing a hints map around to all the methods (changing internal API) or playing silly games with a global setting (or a thread local).

On Wed, Sep 14, 2016 at 5:01 PM Andrea Aime <andrea.a...@geo-solutions.it> wrote:

> Hi Jody,
> there is another issue, in that it makes entity resolution not
> controllable, it's just plain disabled. This is not how we addressed
> XEE in the past in the other parsers, see GEOT-4404.
> It would be best to have consistency
>
> Cheers
> Andrea
>
> On Wed, Sep 14, 2016 at 5:10 AM, Jody Garnett <jody.garn...@gmail.com> wrote:
>
>> Just noticed https://github.com/geotools/geotools/pull/1302
>> (https://osgeo-org.atlassian.net/browse/GEOT-5514) which contains a
>> security fix we may consider for the upcoming releases. The actual fix
>> seems straightforward, the only glitch is introducing yet another mocking
>> library (in this case to test a static method).
>> --
>> Jody Garnett
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> GeoTools-Devel mailing list
>> GeoTools-Devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geotools-devel

--
Jody Garnett
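
The trade-off discussed in this thread (rejecting DTDs outright versus keeping DTD support behind a controllable entity resolver), as an added example in plain JAXP/SAX that is not part of the original messages and is not GeoTools or gt-wms code. The class name, the sample document and the single-entry allow-list are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.*;
import org.xml.sax.helpers.DefaultHandler;

public class WmsSaxHardening { // hypothetical class name
    // Constructed sample: a WMS 1.1.1-style capabilities document that declares a DTD.
    static final String DTD = "http://schemas.opengis.net/wms/1.1.1/WMS_MS_Capabilities.dtd";
    static final String DOC = "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE WMT_MS_Capabilities SYSTEM \"" + DTD + "\">\n"
        + "<WMT_MS_Capabilities version=\"1.1.1\"/>";

    // Option 1: refuse any document carrying a DOCTYPE (Xerces / JDK parser feature).
    static XMLReader noDtdReader() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newSAXParser().getXMLReader();
    }

    // Option 2: keep DTD support, but route every external entity through an allow-list.
    static XMLReader resolverReader() throws Exception {
        XMLReader r = SAXParserFactory.newInstance().newSAXParser().getXMLReader();
        r.setEntityResolver((publicId, systemId) -> {
            if (DTD.equals(systemId)) {
                // Known DTD: answer with an empty stand-in so nothing is fetched.
                return new InputSource(new StringReader(""));
            }
            // Anything else (local files, unknown hosts) is refused, not silently loaded.
            throw new SAXException("External entity not allowed: " + systemId);
        });
        return r;
    }

    // Parses the sample with the given reader and reports whether it was accepted.
    static String parse(XMLReader r) {
        try {
            r.setContentHandler(new DefaultHandler());
            r.parse(new InputSource(new StringReader(DOC)));
            return "parsed";
        } catch (SAXException | IOException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("disallow-doctype-decl: " + parse(noDtdReader()));
        System.out.println("allow-list resolver:   " + parse(resolverReader()));
    }
}
```

The first reader fails on the DOCTYPE line itself, which is the WMS 1.1.1 compatibility cost mentioned above; the second accepts the document and leaves the resolution policy in the caller's hands.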