First we tried to use the staxiniterceptor in order to register the XMLInputFactory which is mentioned in the advisory document. but we had some problems with JSON requests and encoding of utf-8 messages. so what we have done is to extend jaxbelementprovider as you mention. -- View this message in context: http://cxf.547215.n5.nabble.com/DTD-based-XML-attacks-refering-to-Apache-CXF-Security-Advisory-CVE-2010-2076-tp2261760p2635632.html Sent from the cxf-dev mailing list archive at Nabble.com.
- DTD based XML attacks - refering to Apache CXF Security A... Tal Maayani
- Re: DTD based XML attacks - refering to Apache CXF S... Sergey Beryozkin
- Re: DTD based XML attacks - refering to Apache C... oferdit
- Re: DTD based XML attacks - refering to Apac... Sergey Beryozkin
- Re: DTD based XML attacks - refering to ... oferdit
