Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - GHSA-58qw-p7qm-5rvh #10066

Closed
joakime opened this issue Jul 5, 2023 · 0 comments · Fixed by #10067
Assignees
Milestone

Comments

@joakime
Copy link
Contributor

joakime commented Jul 5, 2023

Jetty version(s)
10+

Enhancement Description
If the user of Jetty's XmlParser class wants to customize the SAXParserFactory or SAXParser, then there is no way for them to accomplish that.

Provide an API that allows the user to customize the behaviors of these classes to suit their needs.

This addresses Advisory GHSA-58qw-p7qm-5rvh

@joakime joakime added this to the 10.0.x milestone Jul 5, 2023
@joakime joakime self-assigned this Jul 5, 2023
joakime added a commit that referenced this issue Jul 5, 2023
joakime added a commit that referenced this issue Jul 5, 2023
joakime added a commit that referenced this issue Jul 5, 2023
Signed-off-by: Joakim Erdfelt <[email protected]>
joakime added a commit that referenced this issue Jul 5, 2023
joakime added a commit that referenced this issue Jul 5, 2023
joakime added a commit that referenced this issue Jul 6, 2023
…er` in `XmlParser` (#10067)

* Allow customization of SAXParserFactory / SAXParser in XmlParser
* Introduce method `.getSAXParser()`
---------

Signed-off-by: Joakim Erdfelt <[email protected]>
Co-authored-by: Greg Wilkins <[email protected]>
joakime added a commit that referenced this issue Aug 11, 2023
…er` in `XmlParser` (#10067)

* Allow customization of SAXParserFactory / SAXParser in XmlParser
* Introduce method `.getSAXParser()`
---------

Signed-off-by: Joakim Erdfelt <[email protected]>
Co-authored-by: Greg Wilkins <[email protected]>
joakime added a commit that referenced this issue Aug 14, 2023
…er` in `XmlParser` (#10299)

Backports of
* Issue #10066 - Allow customization of `SAXParserFactory` and `SAXParser` in `XmlParser` (#10067)
* Updating various old/moved URL references found across project (`jetty-10.0.x`) (#10098)

Consisting of
* Allow customization of SAXParserFactory / SAXParser in XmlParser
* Introduce method `.getSAXParser()`
* Prepending doctype in testcases
* More comprehensive changes to redirectEntity config
* Updating various old/moved URL references found across project (`jetty-10.0.x`) (#10098)
* Now that the migration of `https://eclipse.org/jetty/` to `https://eclipse.dev/jetty/` has occurred, it is time to review the URI use in our project
* Added more URIs to XmlConfiguration
* Better SAXParseException handling to report resource that is causing the problem
* Add missing DOCTYPE declarations
* Enforcing unique XML ids

---------

Signed-off-by: Joakim Erdfelt <[email protected]>
Co-authored-by: Greg Wilkins <[email protected]>
@joakime joakime changed the title Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - GHSA-58qw-p7qm-5rvh Aug 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant