Issue #12403 - verify XML PublicID behaviors.

jetty / jetty.project

Eclipse Jetty® - Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more

https://eclipse.dev/jetty

Other

3.86k stars 1.91k forks source link

Closed joakime closed 3 weeks ago

joakime commented 4 weeks ago

The XmlConfiguration instance should not use an XML parser from the classloader. As that XML parser can be broken when it comes to XML entity resolution behaviors. (We always want local entity resolution, never external) Switching to SAXParserFactory.newDefaultInstance() ensures this behavior that we want/need.
More unit tests for behavior with and without XML PublicID's in the mix.

ArfyFR commented 23 hours ago

Hi The fix is not in ~~12.0.5~~ 12.0.15 sorry ? I saw "Some checks were not successful"

sbordet commented 21 hours ago

@ArfyFR this change is in 12.0.15, I assume you meant that.

ArfyFR commented 21 hours ago

Oooops, yes sorry 12.0.15