** Patch added: "xmlsecbug-12.patch" https://bugs.launchpad.net/mahara/+bug/1047111/+attachment/3313737/+files/xmlsecbug-12.patch
-- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. https://bugs.launchpad.net/bugs/1047111 Title: XEE possible in mahara Status in Mahara ePortfolio: Confirmed Status in Mahara 1.4 series: Fix Released Status in Mahara 1.5 series: Fix Released Bug description: libxml_disable_entity_loader(true) is never called in mahara, which means that xml functionalities are vulnerable to http://projects.webappsec.org/w/page/13247003/XML%20External%20Entities can be fixed by adding libxml_disable_entity_loader(true) in init. Reported by Mike Haworth. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1047111/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
