cloudstack

History

Rohit Yadav 7c7ee05cef saml: Safer DocumentBuilderFactory and ParserPool configuration (#183 ) This implements safer DocumentBuilderFactory and ParserPool utilities to be used throughout the codebase to prevent potential XXE exploits. References: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2022-07-18 19:40:20 +05:30
..
main	saml: Safer DocumentBuilderFactory and ParserPool configuration (#183 )	2022-07-18 19:40:20 +05:30
test	server: Add support to encrypt https.keystore.password in server.properties (#5459 )	2021-09-20 12:58:27 -03:00

saml: Safer DocumentBuilderFactory and ParserPool configuration (#183 )

This implements safer DocumentBuilderFactory and ParserPool utilities
to be used throughout the codebase to prevent potential XXE exploits.

References:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

2022-07-18 19:40:20 +05:30

main

saml: Safer DocumentBuilderFactory and ParserPool configuration (#183 )

2022-07-18 19:40:20 +05:30

test

server: Add support to encrypt https.keystore.password in server.properties (#5459 )

2021-09-20 12:58:27 -03:00