xmlunit-commits

[xmlunit/xmlunit] 933ed9: try to disable all DocumentBuilderFactory features...

[GitHub <no...@gi...>]

  Branch: refs/heads/add-some-xxe-protection
  Home:   https://github.com/xmlunit/xmlunit
  Commit: 933ed9eed8f1132c6280f6b58de212675eb0efef
      https://github.com/xmlunit/xmlunit/commit/933ed9eed8f1132c6280f6b58de212675eb0efef
  Author: Stefan Bodewig <ste...@fr...>
  Date:   2018-04-13 (Fri, 13 Apr 2018)

  Changed paths:
    M xmlunit-core/src/main/java/org/xmlunit/ConfigurationException.java
    M xmlunit-core/src/main/java/org/xmlunit/util/Convert.java
    A xmlunit-core/src/main/java/org/xmlunit/util/DocumentBuilderFactoryConfigurer.java
    M xmlunit-legacy/src/main/java/org/custommonkey/xmlunit/XMLUnit.java

  Log Message:
  -----------
  try to disable all DocumentBuilderFactory features recommended by OWASP

see https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#JAXP_DocumentBuilderFactory.2C_SAXParserFactory_and_DOM4J

see #91

[xmlunit/xmlunit] 933ed9: try to disable all DocumentBuilderFactory features...

[GitHub <no...@gi...>]

  Branch: refs/heads/master
  Home:   https://github.com/xmlunit/xmlunit
  Commit: 933ed9eed8f1132c6280f6b58de212675eb0efef
      https://github.com/xmlunit/xmlunit/commit/933ed9eed8f1132c6280f6b58de212675eb0efef
  Author: Stefan Bodewig <ste...@fr...>
  Date:   2018-04-13 (Fri, 13 Apr 2018)

  Changed paths:
    M xmlunit-core/src/main/java/org/xmlunit/ConfigurationException.java
    M xmlunit-core/src/main/java/org/xmlunit/util/Convert.java
    A xmlunit-core/src/main/java/org/xmlunit/util/DocumentBuilderFactoryConfigurer.java
    M xmlunit-legacy/src/main/java/org/custommonkey/xmlunit/XMLUnit.java

  Log Message:
  -----------
  try to disable all DocumentBuilderFactory features recommended by OWASP

see https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#JAXP_DocumentBuilderFactory.2C_SAXParserFactory_and_DOM4J

see #91


  Commit: e2cd5899bdf9ebcb28d3855b7a107d9e1247aa9e
      https://github.com/xmlunit/xmlunit/commit/e2cd5899bdf9ebcb28d3855b7a107d9e1247aa9e
  Author: Stefan Bodewig <ste...@fr...>
  Date:   2018-04-13 (Fri, 13 Apr 2018)

  Changed paths:
    M xmlunit-core/src/main/java/org/xmlunit/diff/DOMDifferenceEngine.java

  Log Message:
  -----------
  missed a newInstance call of DocumentFactoryBuilder


  Commit: d00ca58c41c263c85ea66fad39a5230b666253b6
      https://github.com/xmlunit/xmlunit/commit/d00ca58c41c263c85ea66fad39a5230b666253b6
  Author: Stefan Bodewig <ste...@fr...>
  Date:   2018-04-13 (Fri, 13 Apr 2018)

  Changed paths:
    M xmlunit-core/src/main/java/org/xmlunit/validation/ParsingValidator.java

  Log Message:
  -----------
  make two.-arg validateInstance method accessible to public


  Commit: 18104d8774913473780af8db93f226519a5e14fa
      https://github.com/xmlunit/xmlunit/commit/18104d8774913473780af8db93f226519a5e14fa
  Author: Stefan Bodewig <ste...@fr...>
  Date:   2018-04-14 (Sat, 14 Apr 2018)

  Changed paths:
    M xmlunit-legacy/src/main/java/org/custommonkey/xmlunit/XMLUnit.java

  Log Message:
  -----------
  disable XXE protection in legacy code base by default


  Commit: 635b594e3f3dba8d3cadb2204d07bd250647234f
      https://github.com/xmlunit/xmlunit/commit/635b594e3f3dba8d3cadb2204d07bd250647234f
  Author: Stefan Bodewig <ste...@fr...>
  Date:   2018-04-14 (Sat, 14 Apr 2018)

  Changed paths:
    M xmlunit-core/src/main/java/org/xmlunit/diff/DefaultComparisonFormatter.java
    M xmlunit-core/src/main/java/org/xmlunit/transform/Transformation.java
    M xmlunit-core/src/main/java/org/xmlunit/util/Convert.java
    A xmlunit-core/src/main/java/org/xmlunit/util/TransformerFactoryConfigurer.java
    M xmlunit-legacy/src/main/java/org/custommonkey/xmlunit/XMLUnit.java

  Log Message:
  -----------
  enable XXE protection for TransformerFactories


Compare: https://github.com/xmlunit/xmlunit/compare/a5e1721f6f08...635b594e3f3d