alopresto commented on issue #3507: NIFI-6301 - Added a SafeXMLConfiguration which disables XML DTDs whic… URL: https://github.com/apache/nifi/pull/3507#issuecomment-500661444 I was able to modify some code to allow multiline XXE attacks to be caught during validation. I updated the unit tests to accurately reflect this. I discovered another issue -- the `XXEValidator` seems to continue running on a looped thread even when the `XMLFileLookupService` is _Invalid_, and even after it's been deleted (see screenshot). I'll continue investigating. <img width="1920" alt="Screen Shot 2019-06-10 at 7 22 55 PM" src="https://user-images.githubusercontent.com/798465/59239137-63219f00-8bb5-11e9-8d5d-603b0ea17126.png";>
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
![https://user-images.githubusercontent.com/798465/59239137-63219f00-8bb5-11e9-8d5d-603b0ea17126.png"](https://user-images.githubusercontent.com/798465/59239137-63219f00-8bb5-11e9-8d5d-603b0ea17126.png"){kind=link}