Details
-
Type:
Task
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 13.9-rc-1
-
Component/s: Dependency Upgrades
-
Labels:None
-
Difficulty:Unknown
-
Documentation:N/A
-
Documentation in Release Notes:
-
Similar issues:
Description
See https://logback.qos.ch/news.html
• To prevent XML eXternal Entity injection (XXE) attacks, Joran no longer reads external entities passed in XML files. This fixes LOGBACK-1465 as reported by Shuibo Ye.