Bug 958727
Summary: | plexus-utils: XML generators should guard against problematic text strings
---|---
Product: | [Fedora] Fedora
Component: | plexus-utils
Version: | 20
Status: | CLOSED RAWHIDE
Severity: | unspecified
Priority: | unspecified
Hardware: | Unspecified
OS: | Unspecified
Reporter: | Florian Weimer <fweimer>
Assignee: | Mikolaj Izdebski <mizdebsk>
QA Contact: | Fedora Extras Quality Assurance <extras-qa>
CC: | fnasser, java-sig-commits, mizdebsk
Doc Type: | Bug Fix
Type: | Bug
: | 1009413
Last Closed: | 2015-05-14 10:29:11 UTC
Bug Blocks: | 958220, 1009413
Description
Florian Weimer
2013-05-02 10:07:27 UTC
Similarly, org.codehaus.plexus.util.xml.pull.MXSerializer should avoid XML injection through comments, processing instructions, CDATA sections, etc.

This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle. Changing version to '20'. More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20

This is a feature request and as such it has been forwarded upstream: http://jira.codehaus.org/browse/PLXUTILS-177

Re-reported here:
https://github.com/codehaus-plexus/plexus-utils/issues/3
https://github.com/sonatype/plexus-utils/issues/19

Fixed in upstream version 3.0.24
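The kind of guard the report asks for, as an added example that is neither plexus-utils code nor the upstream 3.0.24 change: each generator method refuses, or safely splits, text containing the sequence that would end its construct early. The class `XmlTextGuard`, its method names and the sample inputs are hypothetical, and the processing-instruction target check is a simplified ASCII-only subset of the XML `Name` production.

```java
public final class XmlTextGuard {   // hypothetical helper, not a plexus-utils class
    private XmlTextGuard() {}

    /** XML 1.0 comments must not contain "--" and must not end with "-". */
    public static String comment(String text) {
        if (text.contains("--") || text.endsWith("-")) {
            throw new IllegalArgumentException("comment text contains \"--\" or ends with \"-\"");
        }
        return "<!--" + text + "-->";
    }

    /** PI data must not contain "?>"; the target "xml" (any case) is reserved. */
    public static String processingInstruction(String target, String data) {
        // Assumption: ASCII-only subset of XML Name, stricter than the spec allows.
        if (!target.matches("[A-Za-z_][A-Za-z0-9._-]*") || target.equalsIgnoreCase("xml")) {
            throw new IllegalArgumentException("invalid processing instruction target");
        }
        if (data.contains("?>")) {
            throw new IllegalArgumentException("processing instruction data contains \"?>\"");
        }
        return "<?" + target + (data.isEmpty() ? "" : " " + data) + "?>";
    }

    /** "]]>" cannot appear inside CDATA, so split it across two adjacent sections. */
    public static String cdata(String text) {
        return "<![CDATA[" + text.replace("]]>", "]]]]><![CDATA[>") + "]]>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: each tries to close its construct early.
        System.out.println(cdata("a]]><injected/>"));
        String[][] rejected = {
            {"comment", "note --><injected/><!--"},
            {"pi", "x ?><injected/><?y"},
        };
        for (String[] c : rejected) {
            try {
                System.out.println(c[0].equals("comment") ? comment(c[1]) : processingInstruction("app", c[1]));
            } catch (IllegalArgumentException e) {
                System.out.println(c[0] + " rejected: " + e.getMessage());
            }
        }
    }
}
```

Comments and processing instructions have no escape mechanism in XML, so rejecting the input is the only lossless option there; CDATA content can be preserved by splitting the section.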