[jira] [Commented] (NIFI-4125) Add basic security settings to TransformXml

ASF GitHub Bot (JIRA) Thu, 29 Jun 2017 11:27:24 -0700

    [ 
https://issues.apache.org/jira/browse/NIFI-4125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16068751#comment-16068751
 ]


ASF GitHub Bot commented on NIFI-4125:
--------------------------------------

Github user asfgit closed the pull request at:

    https://github.com/apache/nifi/pull/1946


> Add basic security settings to TransformXml
> -------------------------------------------
>
>                 Key: NIFI-4125
>                 URL: https://issues.apache.org/jira/browse/NIFI-4125
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.3.0
>            Reporter: Yuri
>            Priority: Minor
>              Labels: newbie, security, xslt
>
> Since data flows can generally deal with non-trusted data, the processors 
> should handle it in a secure manner.
> In case of XML there are various known vulnerabilities - 
> [OWASP|https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing].
>  Some can be mitigated via XML parser/XSLT Processor features.
> The TransformXml processor should have a setting enabling these secure 
> settings.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4125) Add basic security settings to TransformXml

Reply via email to