spring-framework

History

Brian Clozel f204f4962d Document XML parser usage against security false positives Prior to this commit, our XML parser usage would be already haredened against XXE (XML External Entities) attacks. Still, we recently received several invalid security reports claiming that our setup should be hardened. This commit documents a few usages of XML parsers to add some more context and hopefully prevent future invalid reports. Closes gh-33713	2024-10-15 18:59:02 +02:00
..
main	Document XML parser usage against security false positives	2024-10-15 18:59:02 +02:00
test	Spring cleaning: update copyright headers	2024-02-23 12:21:22 +01:00

Brian Clozel f204f4962d Document XML parser usage against security false positives

Prior to this commit, our XML parser usage would be already haredened
against XXE (XML External Entities) attacks. Still, we recently received
several invalid security reports claiming that our setup should be
hardened.

This commit documents a few usages of XML parsers to add some more
context and hopefully prevent future invalid reports.

Closes gh-33713

2024-10-15 18:59:02 +02:00

main

Document XML parser usage against security false positives

2024-10-15 18:59:02 +02:00

test

Spring cleaning: update copyright headers

2024-02-23 12:21:22 +01:00