DRILL-8461: Prevent XXE Attacks in XML Format Plugin
Description
Drill's XML reader would allow a maliciously crafted XML file to perform an XML eXternal Entity injection (XXE) attack. This fix disables DTD parsing in the XML format plugin and prevents XXE attacks.
DRILL-8461: Prevent XXE Attacks in XML Format Plugin
Description
Drill's XML reader would allow a maliciously crafted XML file to perform an XML eXternal Entity injection (XXE) attack. This fix disables DTD parsing in the XML format plugin and prevents XXE attacks.
Documentation
No user facing changes.
Testing
Added unit test and tested manually.