Nekohtml update is breaking html based UI

Brought to you by: andyc2, mguillem

#167 Nekohtml update is breaking html based UI

Milestone: 1.9.15

Status: open

Owner: nobody

Labels: Nekohtml (1)

Priority: 9

Updated: 2022-02-18

Created: 2022-02-18

Creator: Priya Kumari

Private: No

Our application is currently using Nekohtml(1.9.6)
Recently there has been a Server side request forgery & vulnerability reported for XercesIml <=2.12.1
Since, Nekohtml(1.9.6) uses XercesIml version 2.8.1, so the application is exposed to the vulnerability.
So just wanted to know if there is any plan from Nekohtml side to upgrade the version which can mitigate this vulnerability beacuse as I could see the last relaese of Nekohtml is 1.9.22 ,around 2014-15 & this has XercesIml as 2.11.0 version.

Regards,
Priya

Discussion

Marc Guillemot - 2022-02-18

NekoHtml Parser is deeply asleep. Perhaps can this fork help you: https://github.com/HtmlUnit/htmlunit-neko

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Nekohtml update is breaking html based UI

Group

Searches

Help

#167 Nekohtml update is breaking html based UI

Discussion