[SPR-11078] Disable the processing of external entities in SourceHttpMessageConverter by default Created: 07/Nov/13  Updated: 15/Jan/19  Resolved: 28/Jul/14

Status: Closed
Project: Spring Framework
Component/s: Web
Affects Version/s: 3.2.4, 4.0 RC1
Fix Version/s: 3.2.5, 4.0 RC2

Type: Improvement Priority: Major
Reporter: Rossen Stoyanchev Assignee: Rossen Stoyanchev
Resolution: Complete Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relates to SPR-10806 Fix potential security risk when usin... Closed
is related to SPR-11376 Jaxb2RootElementHttpMessageConverter ... Closed
Days since last comment: 39 weeks, 5 days ago
Last commented by a User: true
Last updater: Spring Issuemaster


This is a follow-up fix related to the issue reported in SPR-10806.

Comment by Spring Issuemaster [ 14/Jan/19 ]

The Spring Framework has migrated to GitHub Issues. This issue corresponds to spring-projects/spring-framework#15704.

Generated at Sun Oct 20 19:37:36 UTC 2019 using Jira 7.13.8#713008-sha1:1606a5c1e7006e1ab135aac81f7a9566b2dbc3a6.