Projects
Eulaceura:Factory
jackson
_service:obs_scm:CVE-2019-10172-2.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:CVE-2019-10172-2.patch of Package jackson
From 2361ec46b5fbf940bafe8247e421e64f9cb7f7b1 Mon Sep 17 00:00:00 2001 From: PJ Fanning <pj.fanning@workday.com> Date: Fri, 1 Jul 2016 22:57:06 +0100 Subject: [PATCH] setExpandEntityReferences(false) --- .../java/org/codehaus/jackson/map/ext/DOMDeserializer.java | 1 + .../org/codehaus/jackson/xc/DomElementJsonDeserializer.java | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/mapper/java/org/codehaus/jackson/map/ext/DOMDeserializer.java b/src/mapper/java/org/codehaus/jackson/map/ext/DOMDeserializer.java index 3a486b9e4..97f76af97 100644 --- a/src/mapper/java/org/codehaus/jackson/map/ext/DOMDeserializer.java +++ b/src/mapper/java/org/codehaus/jackson/map/ext/DOMDeserializer.java @@ -24,6 +24,7 @@ _parserFactory = DocumentBuilderFactory.newInstance(); // yup, only cave men do XML without recognizing namespaces... _parserFactory.setNamespaceAware(true); + _parserFactory.setExpandEntityReferences(false); try { _parserFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); } catch(ParserConfigurationException pce) { diff --git a/src/xc/java/org/codehaus/jackson/xc/DomElementJsonDeserializer.java b/src/xc/java/org/codehaus/jackson/xc/DomElementJsonDeserializer.java index ccd631aa3..8b1de578a 100644 --- a/src/xc/java/org/codehaus/jackson/xc/DomElementJsonDeserializer.java +++ b/src/xc/java/org/codehaus/jackson/xc/DomElementJsonDeserializer.java @@ -30,10 +30,11 @@ public DomElementJsonDeserializer() try { DocumentBuilderFactory bf = DocumentBuilderFactory.newInstance(); bf.setNamespaceAware(true); + bf.setExpandEntityReferences(false); bf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); builder = bf.newDocumentBuilder(); } catch (ParserConfigurationException e) { - throw new RuntimeException(); + throw new RuntimeException("Problem creating DocumentBuilder: " + e.toString()); } }
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2