This is an automated email from the ASF dual-hosted git repository.
robertlazarski pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-core.git
from 11b2d27224 Create empty 2.0.2 release notes placeholder
new 18325e6d7f docs: Update release process for site.xml check and manual dist upload
new 1d3457d123 Harden WSDL import parsing against XXE and SSRF
new 7ac84d8339 Harden schema import resolution against SSRF (CWE-918)
new 0afbb74417 Fix SSRF bypass via relative path + remote base URI, harden WSDL locators
new d93657ea86 Switch getXMLSchema() resolver from blocklist to allowlist
The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../deployment/resolver/AARBasedWSDLLocator.java | 13 +-
.../resolver/AARFileBasedURIResolver.java | 10 ++
.../deployment/resolver/WarBasedWSDLLocator.java | 14 +-
.../resolver/WarFileBasedURIResolver.java | 28 +++-
.../org/apache/axis2/description/AxisService.java | 12 +-
.../description/WSDL11ToAxisServiceBuilder.java | 5 +
.../description/WSDLToAxisServiceBuilder.java | 41 ++++++
.../org/apache/axis2/util/SecureWSDLLocator.java | 164 +++++++++++++++++++++
.../kernel/src/org/apache/axis2/util/XMLUtils.java | 9 ++
.../apache/axis2/deployment/URIResolverTest.java | 46 +++++-
src/site/markdown/release-process.md | 38 ++++-
11 files changed, 359 insertions(+), 21 deletions(-)
create mode 100644 modules/kernel/src/org/apache/axis2/util/SecureWSDLLocator.java