[cometvisu] Add more path checks and secure against XXE attacks #2696
Signed-off-by: Tobias Bräutigam <tbraeutigam@gmail.com>
...g.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/util/MountedFile.java
Please also adapt the title and description of this PR to provide some more details - thanks!
@peuter Please also note that there is a new comment on the advisory.
Thanks!
also deny external xml schema loading (avoid XXE attacks)
Signed-off-by: Tobias Bräutigam <tbraeutigam@gmail.com>