# wiremock-java
Chris Hennick
02/05/2024, 7:36 PM
I received a ticket from a security scanner at work, saying
https://github.com/wiremock/wiremock/blob/master/src/main/java/com/github/tomakehurst/wiremock/common/xml/Xml.java
may be vulnerable to an XML eXternal Entity injection because it doesn't disable loading external entities. Shall we fix this?
Tom
02/05/2024, 7:59 PM
Yes, please do raise a PR for this when you have a moment. I suspect this is safe to disable, despite technically being a breaking change.
Chris Hennick
02/05/2024, 8:14 PM
Done:
https://github.com/wiremock/wiremock/pull/2603