etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloudstack/plugins/user-authenticators
History
Rohit Yadav 7c7ee05cef
saml: Safer DocumentBuilderFactory and ParserPool configuration (#183) 
This implements safer DocumentBuilderFactory and ParserPool utilities
to be used throughout the codebase to prevent potential XXE exploits.

References:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 		2022-07-18 19:40:20 +05:30
..
ldap schema,server,api: events improvement (#127) 2022-05-05 13:44:33 +05:30
md5 Updating pom.xml version numbers for release 4.16.1.0 2022-02-25 19:01:16 +05:30
pbkdf2 Updating pom.xml version numbers for release 4.16.1.0 2022-02-25 19:01:16 +05:30
plain-text Updating pom.xml version numbers for release 4.16.1.0 2022-02-25 19:01:16 +05:30
saml2 saml: Safer DocumentBuilderFactory and ParserPool configuration (#183) 2022-07-18 19:40:20 +05:30
sha256salted Updating pom.xml version numbers for release 4.16.1.0 2022-02-25 19:01:16 +05:30