[jira] [Commented] (FOP-2668) Dont load DTDs
[ https://issues.apache.org/jira/browse/FOP-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15986166#comment-15986166 ] simon steiner commented on FOP-2668: You are correct > Dont load DTDs > -- > > Key: FOP-2668 > URL: https://issues.apache.org/jira/browse/FOP-2668 > Project: FOP > Issue Type: Bug >Reporter: simon steiner >Assignee: simon steiner > > External DTD resolution should also be disabled, matching Batik: > https://issues.apache.org/jira/browse/BATIK-1139 -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (FOP-2668) Dont load DTDs
[ https://issues.apache.org/jira/browse/FOP-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15985369#comment-15985369 ] Antoine Beaupre commented on FOP-2668: -- Hi! Is this vulnerability the same as https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5661? Is r1769967 sufficient and complete to fix this issue? I'm looking at backporting this issue to fix the Debian LTS release. Thanks! > Dont load DTDs > -- > > Key: FOP-2668 > URL: https://issues.apache.org/jira/browse/FOP-2668 > Project: FOP > Issue Type: Bug >Reporter: simon steiner >Assignee: simon steiner > > External DTD resolution should also be disabled, matching Batik: > https://issues.apache.org/jira/browse/BATIK-1139 -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (FOP-2668) Dont load DTDs
[ https://issues.apache.org/jira/browse/FOP-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15670326#comment-15670326 ] simon steiner commented on FOP-2668: http://svn.apache.org/viewvc?view=revision&revision=1769967 > Dont load DTDs > -- > > Key: FOP-2668 > URL: https://issues.apache.org/jira/browse/FOP-2668 > Project: FOP > Issue Type: Bug >Reporter: simon steiner >Assignee: simon steiner > > External DTD resolution should also be disabled, matching Batik: > https://issues.apache.org/jira/browse/BATIK-1139 -- This message was sent by Atlassian JIRA (v6.3.4#6332)