eXist-db / existdb-ansible-role

Ansible role for eXist-db
GNU Lesser General Public License v2.1

[BUG] eXist-db 6 config is not properly secured #53

Open adamretter opened 1 year ago

adamretter commented 1 year ago

There was a change made to the eXist-db 5 conf.xml and web.xml templates in 2021 to secure processing of XML entities, and also to disable acceptance of unauthenticated XQuery POST requests. The commit is here: https://github.com/eXist-db/existdb-ansible-role/commit/45e9b68f417b946d737c0c97abef882ec5260a34

However, this change does not appear to have been applied for the eXist-db 6 conf.xml and web.xml templates. I am wondering what the decision was for this not being done? Would a Pull Request to fix this be accepted?

chakl commented 1 year ago

That's possibly an oversight. We will look into this.

windauer commented 2 weeks ago

Fixed by commit 5dfefd878a546f2abbc89578092ef17d2561c281

windauer commented 2 weeks ago

Reopening because there might be other things to check. Needs review.
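
A check for the two settings named in the issue's opening comment, as an added example that is not part of the thread or the role's own code. It assumes the hardening corresponds to eXist-db's stock setting names (the three parser features in conf.xml and the `xquery-submission`/`xupdate-submission` init-params of `EXistServlet` in web.xml), which the issue itself does not list, and it is meant to run on the rendered files rather than the templates.

```python
import xml.etree.ElementTree as ET

# Assumed setting names (eXist-db's stock conf.xml/web.xml); the issue does not list them.
REQUIRED_FEATURES = {
    "http://xml.org/sax/features/external-general-entities": "false",
    "http://xml.org/sax/features/external-parameter-entities": "false",
    "http://javax.xml.XMLConstants/feature/secure-processing": "true",
}
SUBMISSION_PARAMS = ("xquery-submission", "xupdate-submission")
SAFE_SUBMISSION = {"disabled", "authenticated"}

def local(tag):  # strip any XML namespace so checks work with or without xmlns
    return tag.rsplit("}", 1)[-1]

def audit_conf(conf_xml):
    """Return findings for parser features that are missing or set to the wrong value."""
    seen = {el.get("name"): el.get("value")
            for el in ET.fromstring(conf_xml).iter() if local(el.tag) == "feature"}
    return [f"conf.xml: {name} should be {want}, found {seen.get(name)}"
            for name, want in REQUIRED_FEATURES.items() if seen.get(name) != want]

def audit_web(web_xml):
    """Return findings for EXistServlet submission params that allow anonymous POSTs."""
    findings = []
    for servlet in ET.fromstring(web_xml).iter():
        cls = next((c.text or "" for c in servlet if local(c.tag) == "servlet-class"), "")
        if local(servlet.tag) != "servlet" or not cls.strip().endswith("EXistServlet"):
            continue
        params = {}
        for ip in (c for c in servlet if local(c.tag) == "init-param"):
            kv = {local(c.tag): (c.text or "").strip() for c in ip}
            params[kv.get("param-name")] = kv.get("param-value")
        # An absent param is reported too: assumed to fall back to a permissive default.
        findings += [f"web.xml: {p} is {params.get(p)!r}" for p in SUBMISSION_PARAMS
                     if params.get(p) not in SAFE_SUBMISSION]
    return findings

# Constructed sample: a rendered conf.xml/web.xml pair with part of the hardening missing.
SAMPLE_CONF = """<exist><parser><xml><features>
  <feature name="http://xml.org/sax/features/external-general-entities" value="false"/>
</features></xml></parser></exist>"""
SAMPLE_WEB = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><servlet>
  <servlet-name>EXistServlet</servlet-name>
  <servlet-class>org.exist.http.servlets.EXistServlet</servlet-class>
  <init-param><param-name>xquery-submission</param-name><param-value>enabled</param-value></init-param>
  <init-param><param-name>xupdate-submission</param-name><param-value>authenticated</param-value></init-param>
</servlet></web-app>"""

if __name__ == "__main__": print("\n".join(audit_conf(SAMPLE_CONF) + audit_web(SAMPLE_WEB)))
```

Run against the rendered output for each supported eXist-db major version, so that a template that drifts from the others shows up as a non-empty findings list.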