diff options
| author | Mark Felder <feld@feld.me> | 2023-08-04 22:44:09 -0400 |
|---|---|---|
| committer | Haelwenn (lanodan) Monnier <contact@hacktivis.me> | 2023-08-05 08:23:04 +0200 |
| commit | cc848b78dca51fcd7e785eb92a7a3a4d5d1c419e (patch) | |
| tree | e68054aabf71a49923a3bf2c9516756e553e95a4 | |
| parent | 77d57c974ad83fcea77e424d53dc16a27e5d88b6 (diff) | |
| download | pleroma-cc848b78dca51fcd7e785eb92a7a3a4d5d1c419e.tar.gz pleroma-cc848b78dca51fcd7e785eb92a7a3a4d5d1c419e.zip | |
Document and test that XXE processing is disabled
https://vuln.be/post/xxe-in-erlang-and-elixir/
| -rw-r--r-- | changelog.d/akkoma-xml-remote-entities.security | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/akkoma-xml-remote-entities.security b/changelog.d/akkoma-xml-remote-entities.security new file mode 100644 index 000000000..b3c86bee1 --- /dev/null +++ b/changelog.d/akkoma-xml-remote-entities.security @@ -0,0 +1 @@ +Restrict XML parser from processing external entitites (XXE) |