Yuri created NIFI-4125:
--------------------------
Summary: Add basic security settings to TransformXml
Key: NIFI-4125
URL: https://issues.apache.org/jira/browse/NIFI-4125
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework
Affects Versions: 1.3.0
Reporter: Yuri
Priority: Minor
Since data flows can generally deal with non-trusted data, the processors
should handle it in a secure manner.
In case of XML there are various known vulnerabilities -
[OWASP|https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing].
Some can be mitigated via XML parser/XSLT Processor features.
The TransformXml processor should have a setting enabling these secure settings.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
