Log Message: |
"Applied fix from trunk for revision: 1736434 "
------------------------------------------------------------------------
r1736434 | jleroux | 2016-03-24 13:12:11 +0100 (jeu. 24 mars 2016) | 7 lignes
Fixes "Update XStream lib to prevent XML External Entity (XXE) Processing" - https://issues.apache.org/jira/browse/OFBIZ-6959
The XStream team released the 1.4.9 stable version on March 15, 2016.
This version fixes the XML External Entity (XXE) Processing security issue https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing
Since OFBiz uses the DomDriver, with Java 6 at least in supported releases, OFBiz does not really seem vulnerable (https://x-stream.github.io/faq.html#Security_XXEVulnerability), but better to be safe than sorry, notably for non-OOTB uses...
------------------------------------------------------------------------
|