Commit 3242db5
XmlConfigurator: do longer allow dtd processing across all platforms (LOG4NET-575)
This patch fixes a security vulnerabiliy reported by Karthik Balasundaram. The security
vulnerability was found in the way how log4net parses xml configuration files where it
allowed to process XML External Entity Processing. An attacker could use this as an
attack vector if he could modify the XML configuration file.1 parent c728a70 commit 3242db5Copy full SHA for 3242db5
File tree
Expand file treeCollapse file tree
1 file changed
+3
-3
lines changedOpen diff view settings
Filter options
- src/log4net/Config
Expand file treeCollapse file tree
1 file changed
+3
-3
lines changedOpen diff view settings
Collapse file
src/log4net/Config/XmlConfigurator.cs
Copy file name to clipboardExpand all lines: src/log4net/Config/XmlConfigurator.cs+3-3Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| ||
721 | 721 | |
722 | 722 | |
723 | 723 | |
724 | | - |
725 | | - |
| 724 | + |
| 725 | + |
726 | 726 | |
727 | | - |
| 727 | + |
728 | 728 | |
729 | 729 | |
730 | 730 | |
|
0 commit comments