[
https://issues.apache.org/jira/browse/AMQ-9771?focusedWorklogId=983557&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-983557
]
ASF GitHub Bot logged work on AMQ-9771:
---------------------------------------
Author: ASF GitHub Bot
Created on: 17/Sep/25 21:15
Start Date: 17/Sep/25 21:15
Worklog Time Spent: 10m
Work Description: sergio-d-lemos opened a new pull request, #1498:
URL: https://github.com/apache/activemq/pull/1498
Enables XML security features in the runtime-config plugin similar to how we
do in other modules.
I tested by running an ActiveMQ broker with the `runtimeConfigurationPlugin`
enabled, the plugin started and picked up changes in activemq.xml.
Issue Time Tracking
-------------------
Worklog Id: (was: 983557)
Remaining Estimate: 0h
Time Spent: 10m
> Enable secure XML processing in activemq-runtime-config
> -------------------------------------------------------
>
> Key: AMQ-9771
> URL: https://issues.apache.org/jira/browse/AMQ-9771
> Project: ActiveMQ Classic
> Issue Type: Wish
> Components: Plugin
> Affects Versions: 5.x, 6.x
> Reporter: Sérgio Lemos
> Priority: Minor
> Fix For: 6.x
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> We can enable security features to prevent [XML External Entity Injection
> attacks |https://en.wikipedia.org/wiki/XML_external_entity_attack]in the
> Runtime Configuration Plugin, similarly to how we do in other parts of the
> code:
> https://github.com/search?q=repo%3Aapache%2Factivemq%20disallow-doctype-decl&type=code
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@activemq.apache.org
For additional commands, e-mail: issues-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact
