Blame 0003-resteasy-cve-2014-3490.patch
|
|
30ec87c |
diff -up Resteasy-3.0.6.Final/jaxrs/providers/jaxb/src/main/java/org/jboss/resteasy/plugins/providers/jaxb/ExternalEntityUnmarshaller.java.1073 Resteasy-3.0.6.Final/jaxrs/providers/jaxb/src/main/java/org/jboss/resteasy/plugins/providers/jaxb/ExternalEntityUnmarshaller.java
|
|
|
30ec87c |
--- Resteasy-3.0.6.Final/jaxrs/providers/jaxb/src/main/java/org/jboss/resteasy/plugins/providers/jaxb/ExternalEntityUnmarshaller.java.1073 2014-09-29 17:44:28.776812688 -0400
|
|
|
30ec87c |
+++ Resteasy-3.0.6.Final/jaxrs/providers/jaxb/src/main/java/org/jboss/resteasy/plugins/providers/jaxb/ExternalEntityUnmarshaller.java 2014-09-29 17:47:52.202425895 -0400
|
|
|
30ec87c |
@@ -154,6 +154,7 @@ public class ExternalEntityUnmarshaller
|
|
|
30ec87c |
XMLReader xmlReader = sp.getXMLReader();
|
|
|
30ec87c |
xmlReader.setFeature("http://xml.org/sax/features/validation", false);
|
|
|
30ec87c |
xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
|
|
30ec87c |
+ xmlReader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
|
|
|
30ec87c |
SAXSource saxSource = new SAXSource(xmlReader, source);
|
|
|
30ec87c |
return delegate.unmarshal(saxSource);
|
|
|
30ec87c |
}
|
|
|
30ec87c |
@@ -198,6 +199,7 @@ public class ExternalEntityUnmarshaller
|
|
|
30ec87c |
XMLReader xmlReader = sp.getXMLReader();
|
|
|
30ec87c |
xmlReader.setFeature("http://xml.org/sax/features/validation", false);
|
|
|
30ec87c |
xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
|
|
30ec87c |
+ xmlReader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
|
|
|
30ec87c |
((SAXSource) source).setXMLReader(xmlReader);
|
|
|
30ec87c |
return delegate.unmarshal(source, declaredType);
|
|
|
30ec87c |
}
|