Open adamretter opened 1 year ago
There was a change made to the eXist-db 5 conf.xml and web.xml templates in 2021 to secure processing of XML entities, and also to disable acceptance of un-authenticated XQuery POST requests. The commit is here - https://github.com/eXist-db/existdb-ansible-role/commit/45e9b68f417b946d737c0c97abef882ec5260a34
However, this change does not appear to have been applied for the eXist-db 6 conf.xml and web.xml templates. I am wondering what the decision was for this not being done? Would a Pull Request to fix this be accepted?
That's possibly an oversight. We will look into this.
fixed by commit 5dfefd878a546f2abbc89578092ef17d2561c281
reopening cause there might be other things to check. Needs review.
There was a change made to the eXist-db 5 conf.xml and web.xml templates in 2021 to secure processing of XML entities, and also to disable acceptance of un-authenticated XQuery POST requests. The commit is here - https://github.com/eXist-db/existdb-ansible-role/commit/45e9b68f417b946d737c0c97abef882ec5260a34
However, this change does not appear to have been applied for the eXist-db 6 conf.xml and web.xml templates. I am wondering what the decision was for this not being done? Would a Pull Request to fix this be accepted?