https://linen.dev logo
#wiremock-java
Title
# wiremock-java
c

Chris Hennick

02/05/2024, 7:36 PM
I received a ticket from a security scanner at work, saying https://github.com/wiremock/wiremock/blob/master/src/main/java/com/github/tomakehurst/wiremock/common/xml/Xml.java may be vulnerable to an XML eXternal Entity injection because it doesn't disable loading external entities. Shall we fix this?
t

Tom

02/05/2024, 7:59 PM
Yes, please do raise PR for this when you have a moment. I suspect this is safe to disable, despite being technically being a breaking change.
c

Chris Hennick

02/05/2024, 8:14 PM
6 Views