etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloudstack/plugins/user-authenticators
History
Rohit Yadav 19c194c0e1 saml: Safer DocumentBuilderFactory and ParserPool configuration 
This implements safer DocumentBuilderFactory and ParserPool utilities
to be used throughout the codebase to prevent potential XXE exploits.

References:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 0c6b92142cc402c3eebf9bf4aa3c77b2d9defc69)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 		2022-07-12 18:45:36 +05:30
..
ldap Updating pom.xml version numbers for release 4.17.0.0 2022-05-31 14:33:47 -03:00
md5 Updating pom.xml version numbers for release 4.17.0.0 2022-05-31 14:33:47 -03:00
pbkdf2 Updating pom.xml version numbers for release 4.17.0.0 2022-05-31 14:33:47 -03:00
plain-text Updating pom.xml version numbers for release 4.17.0.0 2022-05-31 14:33:47 -03:00
saml2 saml: Safer DocumentBuilderFactory and ParserPool configuration 2022-07-12 18:45:36 +05:30
sha256salted Updating pom.xml version numbers for release 4.17.0.0 2022-05-31 14:33:47 -03:00