[SPR-11078] Disable the processing of external entities in SourceHttpMessageConverter by default Created: 07/Nov/13  Updated: 15/Jan/19  Resolved: 28/Jul/14

Status: Closed
Project: Spring Framework
Component/s: Web
Affects Version/s: 3.2.4, 4.0 RC1
Fix Version/s: 3.2.5, 4.0 RC2

Type: Improvement Priority: Major
Reporter: Rossen Stoyanchev Assignee: Rossen Stoyanchev
Resolution: Complete Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relates to SPR-10806 Fix potential security risk when usin... Closed
is related to SPR-11376 Jaxb2RootElementHttpMessageConverter ... Closed
Days since last comment: 26 weeks ago
Last commented by a User: true
Last updater: Spring Issuemaster


This is a follow-up fix related to the issue reported in SPR-10806.

Comment by Spring Issuemaster [ 14/Jan/19 ]

The Spring Framework has migrated to GitHub Issues. This issue corresponds to spring-projects/spring-framework#15704.

Generated at Mon Jul 15 22:50:38 UTC 2019 using JIRA 7.9.2#79002-sha1:3bb15b68ecd99a30eb364c4c1a393359bcad6278.