author | Brian de Alwis | 2017-08-30 19:47:56 +0000 |
---|---|---|
committer | Thomas Watson | 2017-09-06 12:59:25 +0000 |
commit | f94c9ac9bd27522cf55784111380d5f4aebc4bab (patch) | |
tree | f6df7429532793e4b56631a512511746172ef3e8 /bundles/org.eclipse.equinox.p2.metadata.repository | |
parent | 6ab4441a4442b39f8e06608299ad0d894276a873 (diff) | |
Bug 518031 - XML External Entity Vulnerability in Eclipse IDE
Ensure XML processors are configured to use
XMLConstants.FEATURE_SECURE_PROCESSING=true
to avoid accessing external DTDs and expanding external entities.
(Backport to 4.7)
Change-Id: Icabb6e0d55dd546a66ad506cde7e24a996484f1a
Signed-off-by: Brian de Alwis <bsd@mt.ca>
Signed-off-by: Thomas Watson <tjwatson@us.ibm.com>
Diffstat (limited to 'bundles/org.eclipse.equinox.p2.metadata.repository')
3 files changed, 4 insertions, 3 deletions
diff --git a/bundles/org.eclipse.equinox.p2.metadata.repository/META-INF/MANIFEST.MF b/bundles/org.eclipse.equinox.p2.metadata.repository/META-INF/MANIFEST.MF
index 06c6ee6f8..b8fdf1036 100644
--- a/bundles/org.eclipse.equinox.p2.metadata.repository/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.equinox.p2.metadata.repository/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
 Bundle-ManifestVersion: 2
 Bundle-Name: %pluginName
 Bundle-SymbolicName: org.eclipse.equinox.p2.metadata.repository;singleton:=true
-Bundle-Version: 1.2.400.qualifier
+Bundle-Version: 1.2.401.qualifier
 Bundle-Activator: org.eclipse.equinox.internal.p2.metadata.repository.Activator
 Bundle-Vendor: %providerName
 Bundle-Localization: plugin
diff --git a/bundles/org.eclipse.equinox.p2.metadata.repository/pom.xml b/bundles/org.eclipse.equinox.p2.metadata.repository/pom.xml
index b2d98ee6b..0ea826cd9 100644
--- a/bundles/org.eclipse.equinox.p2.metadata.repository/pom.xml
+++ b/bundles/org.eclipse.equinox.p2.metadata.repository/pom.xml
@@ -19,6 +19,6 @@
 </parent>
 <groupId>org.eclipse.equinox</groupId>
 <artifactId>org.eclipse.equinox.p2.metadata.repository</artifactId>
- <version>1.2.400-SNAPSHOT</version>
+ <version>1.2.401-SNAPSHOT</version>
 <packaging>eclipse-plugin</packaging>
 </project>
diff --git a/bundles/org.eclipse.equinox.p2.metadata.repository/src/org/eclipse/equinox/p2/metadata/io/IUDeserializer.java b/bundles/org.eclipse.equinox.p2.metadata.repository/src/org/eclipse/equinox/p2/metadata/io/IUDeserializer.java
index 63ace1841..cd7b0202a 100644
--- a/bundles/org.eclipse.equinox.p2.metadata.repository/src/org/eclipse/equinox/p2/metadata/io/IUDeserializer.java
+++ b/bundles/org.eclipse.equinox.p2.metadata.repository/src/org/eclipse/equinox/p2/metadata/io/IUDeserializer.java
@@ -15,6 +15,7 @@ import java.io.InputStream;
 import java.util.Arrays;
 import java.util.Collection;
 import javax.xml.parsers.*;
+import org.eclipse.equinox.internal.p2.core.helpers.SecureXMLUtil;
 import org.eclipse.equinox.internal.p2.metadata.repository.io.MetadataParser;
 import org.eclipse.equinox.internal.p2.persistence.Messages;
 import org.eclipse.equinox.p2.metadata.IInstallableUnit;
@@ -33,7 +34,7 @@ public class IUDeserializer {
 * Construct a new instance of the deserializer.
 */
 public IUDeserializer() {
- deserializer = new IUDeserializerParser(SAXParserFactory.newInstance());
+ deserializer = new IUDeserializerParser(SecureXMLUtil.newSecureSAXParserFactory());
 }
 /** |
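Review bot: The constructor now relies entirely on `SecureXMLUtil.newSecureSAXParserFactory()` for XXE protection, and that helper's body is not part of this diff. If it only sets `XMLConstants.FEATURE_SECURE_PROCESSING`, as the commit message describes, whether external DTDs and entities are actually refused depends on the JAXP implementation in use, because not every parser treats that feature as disabling them. It is worth confirming that the helper also sets `http://xml.org/sax/features/external-general-entities` and `http://xml.org/sax/features/external-parameter-entities` to false (or `http://apache.org/xml/features/disallow-doctype-decl` to true if p2 metadata never needs a DOCTYPE), and that it fails closed when a feature is unsupported. I would also add a comment above the assignment, `// hardened factory (Bug 518031): do not revert to SAXParserFactory.newInstance()`, so the choice survives later refactoring. The enclosing class starts and ends outside the hunk.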