Eduardo Aguinaga created KARAF-4209:
---------------------------------------

             Summary: Weak XML Schema: Unbounded Occurrences
                 Key: KARAF-4209
                 URL: https://issues.apache.org/jira/browse/KARAF-4209
             Project: Karaf
          Issue Type: Bug
    Affects Versions: 4.0.3
            Reporter: Eduardo Aguinaga

HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.

Setting a maxOccurs value to unbounded can lead to resource exhaustion and ultimately a denial of service.

File: features/core/src/main/resources/org/apache/karaf/features/karaf-features-1.0.0.xsd
Line: 64

karaf-features-1.0.0.xsd, lines 64-77:

64 <xs:choice minOccurs="0" maxOccurs="unbounded">
65     <xs:element name="details" minOccurs="0" type="xs:string">
66         <xs:annotation>
67             <xs:documentation><![CDATA[
68 The help text shown for this feature when using the feature:info console command.
69 ]]>
70             </xs:documentation>
71         </xs:annotation>
72     </xs:element>
73     <xs:element name="config" type="tns:config" />
74     <xs:element name="configfile" type="tns:configFile" />
75     <xs:element name="feature" type="tns:dependency" />
76     <xs:element name="bundle" type="tns:bundle" />
77 </xs:choice>

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
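
Added example (not part of the JIRA report, and not Karaf or Fortify code): one way to reproduce this class of finding across a schema file is to walk the XSD and list every particle declared with maxOccurs="unbounded", together with the named type that owns it. The sample schema is constructed and only modelled on the quoted choice group; its namespace URI and the body of the "config" type are assumptions.

```python
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"
# Schema particles that may carry a maxOccurs attribute.
PARTICLES = {XS + t for t in ("element", "choice", "sequence", "any", "group")}

# Constructed sample modelled on the choice group quoted in the report;
# the namespace URI and the "config" type body are assumptions.
SAMPLE_XSD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:tns="urn:example:features" targetNamespace="urn:example:features">
  <xs:complexType name="feature">
    <xs:choice minOccurs="0" maxOccurs="unbounded">
      <xs:element name="details" minOccurs="0" type="xs:string"/>
      <xs:element name="config" type="tns:config"/>
      <xs:element name="bundle" type="tns:bundle"/>
    </xs:choice>
    <xs:attribute name="name" type="xs:string"/>
  </xs:complexType>
  <xs:complexType name="config">
    <xs:sequence>
      <xs:element name="property" type="xs:string" maxOccurs="16"/>
    </xs:sequence>
  </xs:complexType>
</xs:schema>"""


def find_unbounded(xsd_text):
    """Return (owner, particle, members) for each maxOccurs="unbounded" particle.

    Intended for schema files from your own source tree, not untrusted input.
    """
    findings = []

    def walk(node, owner):
        if node.tag in PARTICLES and node.get("maxOccurs") == "unbounded":
            # Element declarations nested under the unbounded particle.
            members = [e.get("name") or e.get("ref")
                       for e in node.iter(XS + "element") if e is not node]
            findings.append((owner, node.tag[len(XS):], members))
        # The nearest named ancestor (complexType, group, element) owns the particle.
        owner = node.get("name") or owner
        for child in node:
            walk(child, owner)

    walk(ET.fromstring(xsd_text), None)
    return findings


if __name__ == "__main__":
    for owner, particle, members in find_unbounded(SAMPLE_XSD):
        print(f"{owner}: unbounded xs:{particle} over {members}")
```

A schema in which the same particle carries a numeric bound produces no findings; what bound is appropriate depends on the largest document the application legitimately needs to accept.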