[
https://issues.apache.org/jira/browse/NIFI-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Witt updated NIFI-9399:
---------------------------
Fix Version/s: 1.16.0
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Apply Secure Processing to TransformXml XSLT Sources
> ----------------------------------------------------
>
> Key: NIFI-9399
> URL: https://issues.apache.org/jira/browse/NIFI-9399
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions, Security
> Affects Versions: 1.15.0
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Fix For: 1.16.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The {{TransformXml}} processor supports Secure Processing as of NiFi 1.3.0,
> which prevents external access attempts using XML entity references. The
> {{Secure Processing}} property applies to input FlowFiles, but does not apply
> to the XSLT source that the processor uses during transformation.
> {{TransformXml}} should be updated to apply Secure Processing to XSLT sources.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
