Sergey Beryozkin-5 wrote: > > Hi > > On Mon, Aug 2, 2010 at 3:00 PM, Tal Maayani <tal.maay...@amdocs.com> > wrote: > >> Hi, >> >> According to your advice, in order to block DTD based XML attack one need >> to either use CXF version 2.2.9 or replace the default xml parser. >> >> there is an issue with (JAXRS) SourceProvider in 2.2.9 which I missed. >> But > this provider is optional. As far as I know Dan has done some refactoring > in > 2.2.10-SNAPSHOT which also helped to fix the SourceProvider issue. > > >> Can you please explain how to replace the xml parser when using REST >> service. >> > > are you using JAXB in your JAXRS services ? > >
We use JAXB in our services. -- View this message in context: http://cxf.547215.n5.nabble.com/DTD-based-XML-attacks-refering-to-Apache-CXF-Security-Advisory-CVE-2010-2076-tp2261760p2268798.html Sent from the cxf-dev mailing list archive at Nabble.com.
