Closed braeckel closed 6 years ago
Changes should be made to Crux to mitigate "billion laughs" attacks. One mitigation is to disable DTDs, but several other JAXP/Xerces mitigations are shown here: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet.