Bug 1166720 - [QE] Add information about secure processing in Resteasy to release notes
Summary: [QE] Add information about secure processing in Resteasy to release notes
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Documentation
Version: 6.4.0
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
: EAP 6.4.0
Assignee: Russell Dickenson
QA Contact: Katerina Odabasi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-11-21 14:44 UTC by Katerina Odabasi
Modified: 2015-02-04 01:12 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
By default, XML documents with Document Type Definitions are considered invalid. To allow such documents, the setting resteasy.document.secure.disableDTDs must be set to false. This disables the checking of XML documents with Document Type Definition. By default, secure processing is set to true. To disable this, edit the configuration file web.xml, and set the attribute resteasy.document.secure.processing.feature to false. The Xerces module included in JBoss EAP 6.4 does not support the parameter Max attributes limit.
Clone Of:
Environment:
Build Name: 22702, 6.3.0 Release Notes-6.3-1 Build Date: 07-08-2014 07:34:03 Topic ID: 40915-682007 [Latest]
Last Closed: 2015-02-04 01:12:59 UTC
Type: Bug


Attachments (Terms of Use)

Description Katerina Odabasi 2014-11-21 14:44:28 UTC
Title: Add Chapter about Resteasy default behaviour change

Describe the issue:
1) by default xml documents with DTD are not allowed -> setting resteasy.document.secure.disableDTDs to false in web.xml is needed to allow it.

2) by default secure processing is set to true -> setting resteasy.document.secure.processing.feature to false in web.xml is needed to disable it.

Xerces 2.9.1.redhat-6 included in EAP 6.4.0 doesn't support Max atributtes limit.

This needs to be mentioned in release notes.

Suggestions for improvement:


Additional information:


Note You need to log in before you can comment on or make changes to this bug.