Bug 1166720

Summary: [QE] Add information about secure processing in Resteasy to release notes
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Katerina Odabasi <kanovotn>
Component: Documentation Assignee: Russell Dickenson <rdickens>
Status: CLOSED NOTABUG QA Contact: Katerina Odabasi <kanovotn>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 6.4.0 CC: lcosti, rdickens
Target Milestone: ---   
Target Release: EAP 6.4.0   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Known Issue
Doc Text:
By default, XML documents that contain a Document Type Definition (DTD) are considered invalid. To allow such documents, set resteasy.document.secure.disableDTDs to false; this turns off the check that rejects XML documents with a DTD. By default, secure processing is set to true. To disable it, edit the configuration file web.xml and set resteasy.document.secure.processing.feature to false. The Xerces module included in JBoss EAP 6.4 does not support the parameter Max attributes limit.
Build Name: 22702, 6.3.0 Release Notes-6.3-1 Build Date: 07-08-2014 07:34:03 Topic ID: 40915-682007 [Latest]
Last Closed: 2015-02-04 01:12:59 UTC Type: Bug

Description Katerina Odabasi 2014-11-21 14:44:28 UTC
Title: Add Chapter about Resteasy default behaviour change

Describe the issue:
1) by default xml documents with DTD are not allowed -> setting resteasy.document.secure.disableDTDs to false in web.xml is needed to allow it.

2) by default secure processing is set to true -> setting resteasy.document.secure.processing.feature to false in web.xml is needed to disable it.

Xerces 2.9.1.redhat-6 included in EAP 6.4.0 doesn't support Max attributes limit.

This needs to be mentioned in release notes.

Suggestions for improvement:

Additional information:
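
The two settings named in this report, written out as a web.xml fragment. This is an added example, not part of the bug report or the product documentation; it assumes a Servlet 3.0 deployment descriptor and that the settings are supplied as context parameters. Both values shown are the defaults the report describes.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

    <!-- Default: true. XML documents that carry a DTD are rejected.
         Setting this to false makes RESTEasy accept such documents,
         which re-enables DTD handling in the parser for this
         application. Change it only for endpoints that must accept
         DTD-bearing input from trusted senders. -->
    <context-param>
        <param-name>resteasy.document.secure.disableDTDs</param-name>
        <param-value>true</param-value>
    </context-param>

    <!-- Default: true. Secure processing is on.
         Setting this to false turns secure processing off for this
         application. Per the report, the Xerces version shipped with
         EAP 6.4.0 does not support the "Max attributes limit"
         parameter, so do not rely on that limit being enforced
         even with this left at true. -->
    <context-param>
        <param-name>resteasy.document.secure.processing.feature</param-name>
        <param-value>true</param-value>
    </context-param>

</web-app>
```

Listing the defaults explicitly makes any later change to false visible in a deployment descriptor review.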