cloudstack

History

Rohit Yadav b7415bf127 saml: Safer DocumentBuilderFactory and ParserPool configuration This implements safer DocumentBuilderFactory and ParserPool utilities to be used throughout the codebase to prevent potential XXE exploits. References: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> (cherry picked from commit 8e0e68ef368ebe2793ef80e2c3821eaecb47b593) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2022-07-14 16:58:08 +05:30
..
main	saml: Safer DocumentBuilderFactory and ParserPool configuration	2022-07-14 16:58:08 +05:30
test/java/org/apache/cloudstack	cloudstack: add JDK11 support (#3601 )	2020-02-12 12:58:25 +05:30

Rohit Yadav b7415bf127 saml: Safer DocumentBuilderFactory and ParserPool configuration

This implements safer DocumentBuilderFactory and ParserPool utilities
to be used throughout the codebase to prevent potential XXE exploits.

References:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 8e0e68ef368ebe2793ef80e2c3821eaecb47b593)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

2022-07-14 16:58:08 +05:30

main

saml: Safer DocumentBuilderFactory and ParserPool configuration

2022-07-14 16:58:08 +05:30

test/java/org/apache/cloudstack

cloudstack: add JDK11 support (#3601 )

2020-02-12 12:58:25 +05:30