spring-framework

History

Brian Clozel f204f4962d Document XML parser usage against security false positives Prior to this commit, our XML parser usage would be already haredened against XXE (XML External Entities) attacks. Still, we recently received several invalid security reports claiming that our setup should be hardened. This commit documents a few usages of XML parsers to add some more context and hopefully prevent future invalid reports. Closes gh-33713	2024-10-15 18:59:02 +02:00
..
src	Document XML parser usage against security false positives	2024-10-15 18:59:02 +02:00
spring-orm.gradle	Revert ValidationMode.CALLBACK on JPA bootstrap	2023-12-06 18:34:42 +01:00

Brian Clozel f204f4962d Document XML parser usage against security false positives

Prior to this commit, our XML parser usage would be already haredened
against XXE (XML External Entities) attacks. Still, we recently received
several invalid security reports claiming that our setup should be
hardened.

This commit documents a few usages of XML parsers to add some more
context and hopefully prevent future invalid reports.

Closes gh-33713

2024-10-15 18:59:02 +02:00

src

Document XML parser usage against security false positives

2024-10-15 18:59:02 +02:00

spring-orm.gradle

Revert ValidationMode.CALLBACK on JPA bootstrap

2023-12-06 18:34:42 +01:00