Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] eXist-db 6 config is not properly secured #53

Open
adamretter opened this issue Apr 19, 2023 · 3 comments
Open

[BUG] eXist-db 6 config is not properly secured #53

adamretter opened this issue Apr 19, 2023 · 3 comments

Comments

@adamretter
Copy link
Contributor

There was a change made to the eXist-db 5 conf.xml and web.xml templates in 2021 to secure processing of XML entities, and also to disable acceptance of un-authenticated XQuery POST requests. The commit is here - 45e9b68

However, this change does not appear to have been applied for the eXist-db 6 conf.xml and web.xml templates. I am wondering what the decision was for this not being done? Would a Pull Request to fix this be accepted?

@chakl
Copy link
Collaborator

chakl commented Apr 19, 2023

That's possibly an oversight. We will look into this.

@windauer
Copy link
Member

fixed by commit 5dfefd8

@windauer
Copy link
Member

reopening cause there might be other things to check. Needs review.

@windauer windauer reopened this Aug 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants