[ https://issues.apache.org/jira/browse/HBASE-17424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15806694#comment-15806694 ]
Hudson commented on HBASE-17424: -------------------------------- FAILURE: Integrated in Jenkins build HBase-1.2-IT #583 (See [https://builds.apache.org/job/HBase-1.2-IT/583/]) HBASE-17424 Disable external entity parsing in RemoteAdmin (elserj: rev 4f008bb01d5c7ef745333d37ddbf7a1b04ba1852) * (add) hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/client/TestXmlParsing.java * (edit) hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/client/RemoteAdmin.java > Protect REST client against malicious XML responses. > ---------------------------------------------------- > > Key: HBASE-17424 > URL: https://issues.apache.org/jira/browse/HBASE-17424 > Project: HBase > Issue Type: Bug > Components: REST > Reporter: Josh Elser > Assignee: Josh Elser > Fix For: 2.0.0, 1.3.0, 1.4.0, 1.2.5, 1.1.9 > > Attachments: HBASE-17424.001.patch, HBASE-17424.002.patch > > > If, by some means, an unsuspecting REST server client would get a malformed > response from the REST server, it could result in the client performing some > unintended action from the XML parsing. > We should disable these extra options on the XML parser to prevent the > possibility. -- This message was sent by Atlassian JIRA (v6.3.4#6332)