This is the "future" feature being set for Xerces.

Scott Nichol

----- Original Message -----
From: "Ted Leung" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, December 03, 2002 10:31 AM
Subject: Re: Security Alert - Xerces]


> The next version of Xerces-J will include a parser feature that will
> turn off DOCTYPE processing.  When activated, this feature will
> prevent the entity expansion that causes this vulnerability.  The Axis
> team will be able to use this feature to close the hole.
>
> The URI for the parser feature will be
> "http://apache.org/xml/features/disallow-doctype-decl"
>
> Ted
> ----- Original Message -----
> From: "Ben Laurie" <[EMAIL PROTECTED]>
> To: "Ted Leung" <[EMAIL PROTECTED]>
> Sent: Wednesday, November 27, 2002 3:37 AM
> Subject: [Fwd: Security Alert - Xerces]
>
>
> > Here ya go. Please keep security@ copied on any followups...
> >
> > Cheers,
> >
> > Ben.
> >
> > --
> > http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
> >
> > "There is no limit to what a man can do or how far he can go if he
> > doesn't mind who gets the credit." - Robert Woodruff
> >
>
>
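
An added example, not part of the original thread and not code from Xerces or Axis: setting the feature URI quoted above through JAXP and checking that a document carrying a DOCTYPE is refused before any entity is expanded. It assumes a parser that recognises the feature; the class name and both sample documents are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class DisallowDoctypeDemo {
    // Feature URI quoted in the message above.
    static final String DISALLOW_DOCTYPE =
        "http://apache.org/xml/features/disallow-doctype-decl";

    // Constructed sample: an internal entity declared inside a DOCTYPE.
    static final String WITH_DOCTYPE =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE msg [ <!ENTITY greeting \"hello\"> ]>\n"
        + "<msg>&greeting;</msg>";

    // Constructed sample: the same payload with no DOCTYPE.
    static final String WITHOUT_DOCTYPE =
        "<?xml version=\"1.0\"?>\n<msg>hello</msg>";

    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Throws ParserConfigurationException if the parser does not know
        // the feature, so an older parser fails closed instead of silently
        // parsing DOCTYPEs.
        f.setFeature(DISALLOW_DOCTYPE, true);
        DocumentBuilder b = f.newDocumentBuilder();
        // DefaultHandler rethrows fatal errors instead of printing them.
        b.setErrorHandler(new DefaultHandler());
        return b;
    }

    // Returns the root element's text, or a "REJECTED" line if the parser
    // refuses the input.
    static String parse(String xml) throws Exception {
        try {
            return hardenedBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement().getTextContent();
        } catch (SAXParseException e) {
            return "REJECTED at line " + e.getLineNumber() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(parse(WITHOUT_DOCTYPE));
        System.out.println(parse(WITH_DOCTYPE));
    }
}
```

The rejection is a fatal parse error raised at the DOCTYPE declaration itself, so callers that accept untrusted XML should treat `SAXParseException` as a refused request rather than retrying with a more permissive parser.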

