http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6803
--- Comment #13 from Frère Sébastien Marie <[email protected]> 2011-11-07 09:19:08 UTC ---
(In reply to comment #12)
> Thanks for more tests!
> Do you think it is safer to replace this remote include by the way?
>
> From another point of view (consistency), I would like to replace it too; it is
> the only remaining remote include in an xslt file in Koha.

It will be better not to depend on an external source.

If I remember well about XSLT processing, XML::LibXSLT doesn't use security by default (and Koha doesn't set it).

But this remote inclusion is *not* a security issue (if you trust LOC), as to successfully use this vector, an attacker would have to:
- either compromise LOC (change what is included)
- or compromise your local network infrastructure (DNS, router, server, ...)

So the risk is low (not null, but low).
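The consistency point raised in the thread (no remote includes left in any XSLT file) can be checked mechanically. The following is an added example, not part of the bug comment or of Koha's code; the function name `remote_includes` and the sample stylesheet with its placeholder host are assumptions made for illustration.

```python
# Added example: report xsl:include / xsl:import elements whose href is fetched
# over the network, so a stylesheet tree can be audited for remote dependencies.
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XSL_NS = "http://www.w3.org/1999/XSL/Transform"
LOADERS = {f"{{{XSL_NS}}}include", f"{{{XSL_NS}}}import"}
REMOTE_SCHEMES = {"http", "https", "ftp"}


def remote_includes(xslt_source):
    """Return (element name, href) pairs for includes/imports with a network URL."""
    root = ET.fromstring(xslt_source)
    found = []
    for elem in root.iter():
        if elem.tag in LOADERS:
            href = elem.get("href", "")
            # Relative and local paths have no scheme and are not reported.
            if urlparse(href).scheme.lower() in REMOTE_SCHEMES:
                found.append((elem.tag.split("}")[1], href))
    return found


# Constructed sample stylesheet; host and file names are placeholders.
SAMPLE = """<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:import href="local-utils.xsl"/>
  <xsl:include href="http://remote.example/utils.xsl"/>
  <xsl:template match="/"><out/></xsl:template>
</xsl:stylesheet>
"""

if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:
        print(remote_includes(SAMPLE))
    status = 0
    for path in paths:
        # Read bytes so the file's own XML encoding declaration is honoured.
        with open(path, "rb") as fh:
            for tag, href in remote_includes(fh.read()):
                print(f"{path}: xsl:{tag} loads {href}")
                status = 1
    sys.exit(status)
```

Run with stylesheet paths as arguments, it exits non-zero when any remote include or import is found, which makes it usable as a pre-commit or CI check.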
