[ https://issues.apache.org/jira/browse/KARAF-4209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated KARAF-4209:
----------------------------------------
    Fix Version/s: (was: 4.0.7) 4.0.8

> Weak XML Schema: Unbounded Occurrences
> --------------------------------------
>
>                 Key: KARAF-4209
>                 URL: https://issues.apache.org/jira/browse/KARAF-4209
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.1.0, 4.0.8
>
>
> HP Fortify SCA and SciTools Understand were used to perform an application
> security analysis on the Karaf source code.
> Setting a maxOccurs value to unbounded can lead to resource exhaustion and
> ultimately a denial of service.
> File:
> features/core/src/main/resources/org/apache/karaf/features/karaf-features-1.0.0.xsd
> Line: 64
> karaf-features-1.0.0.xsd, lines 64-77:
> 64 <xs:choice minOccurs="0" maxOccurs="unbounded">
> 65     <xs:element name="details" minOccurs="0" type="xs:string">
> 66         <xs:annotation>
> 67             <xs:documentation><![CDATA[
> 68 The help text shown for this feature when using the feature:info console command.
> 69             ]]>
> 70             </xs:documentation>
> 71         </xs:annotation>
> 72     </xs:element>
> 73     <xs:element name="config" type="tns:config" />
> 74     <xs:element name="configfile" type="tns:configFile" />
> 75     <xs:element name="feature" type="tns:dependency" />
> 76     <xs:element name="bundle" type="tns:bundle" />
> 77 </xs:choice>

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
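The check behind this finding, as an added example that is not part of the JIRA message or the Karaf code base: a Python scan that reports every schema particle declared with maxOccurs="unbounded", with its line number and enclosing named component. The sample schema is constructed (modeled on the quoted excerpt) and `find_unbounded` is a hypothetical helper name.

```python
import xml.parsers.expat

XS_NS = "http://www.w3.org/2001/XMLSchema"
# Schema components that accept a maxOccurs attribute.
PARTICLES = {"element", "choice", "sequence", "any", "group"}

# Constructed sample modeled on the excerpt quoted in the issue (not the Karaf file).
SAMPLE_XSD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:complexType name="feature">
    <xs:choice minOccurs="0" maxOccurs="unbounded">
      <xs:element name="details" minOccurs="0" type="xs:string"/>
      <xs:element name="config" type="xs:string"/>
      <xs:element name="bundle" type="xs:string"/>
    </xs:choice>
  </xs:complexType>
  <xs:complexType name="note">
    <xs:sequence>
      <xs:element name="line" type="xs:string" maxOccurs="5"/>
    </xs:sequence>
  </xs:complexType>
</xs:schema>
"""


def find_unbounded(xsd_text):
    """Return (line, particle, owner) for every maxOccurs="unbounded" particle."""
    findings, named = [], []  # named: name attribute of each open ancestor
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def start(tag, attrs):
        ns, _, local = tag.rpartition(" ")
        if ns == XS_NS and local in PARTICLES and attrs.get("maxOccurs") == "unbounded":
            # Owner = nearest enclosing named component (type, element, group).
            owner = next((n for n in reversed(named) if n), "(top level)")
            findings.append((parser.CurrentLineNumber, local, owner))
        named.append(attrs.get("name") if ns == XS_NS else None)

    def end(_tag):
        named.pop()

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(xsd_text, True)
    return findings


if __name__ == "__main__":
    for line, particle, owner in find_unbounded(SAMPLE_XSD):
        print(f"line {line}: xs:{particle} in '{owner}' has maxOccurs=\"unbounded\"")
```

Bounded particles such as `maxOccurs="5"` are not reported; only the literal `unbounded` value is matched.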