alopresto commented on issue #3507: NIFI-6301 - Added a SafeXMLConfiguration which disables XML DTDs whic… URL: https://github.com/apache/nifi/pull/3507#issuecomment-500653042 I built the PR successfully and ran a local instance. * Using `local_xxe_file.xml` the controller service validation correctly returned "Invalid" and explained the reason with the XXE error message * Using `whitespace_xxe_file.xml` the controller service validation correctly returned "Invalid" and explained the reason with the XXE error message * Using `multiline_xxe_file.xml` the controller service validated and shows "Disabled". When the "Enable" action is taken, the controller service stays in "Enabling" mode. The dialog processes as it would in a successful operation. Disabling the controller service takes ~15-30 seconds. This is not ideal for user experience I'm going to see if I can enforce the same expected behavior from the regular and whitespace XXE file on the multiline XXE file. I am also going to suppress the stacktrace unless `DEBUG` is enabled, as the stacktrace doesn't add valuable information to the provided error message.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
