exceptionfactory commented on code in PR #5962:
URL: https://github.com/apache/nifi/pull/5962#discussion_r849845697


##########
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/EvaluateXQuery.java:
##########
@@ -156,7 +152,7 @@ public class EvaluateXQuery extends AbstractProcessor {
             .description("Specifies whether or not the XML content should be 
validated against the DTD.")
             .required(true)
             .allowableValues("true", "false")
-            .defaultValue("true")
+            .defaultValue("false")
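
Review bot: The `.description(...)` text directly above the changed `.defaultValue("false")` line still says only that the property specifies whether the XML content is validated against the DTD; it gives no hint that validation is now off by default or when turning it on is appropriate. Consider extending the description to state that, and adding an upgrade note, since any flow that relied on the previous default of "true" instead of setting the property explicitly may behave differently after this change.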

Review Comment:
   Disabling Document Type Validation in the default configuration provides a 
more secure starting point for new instances of the Processor. The 
implementation in `StandardDocumentProvider` provides standard security 
restrictions on Document Type Validation, so enabling the `Validate DTD` 
property is not the optimal configuration. Changing the default value to 
`false` retains the property for deployments where embedded DTD validation is 
desired.


