We are using JBoss EAP 5.0.1 with JBoss WS 3.0.4 and we are trying to find a solution for preventing XML External Entity injection. How can we fix this other than by upgrading to a higher version?
Mel, we are in a similar situation. May I ask how you resolved your XXE concerns? – user216661 Sep 11 '15 at 21:05
1 Answer
1
To prevent entity expansion in exposed RESTEasy XML endpoints, add this to the web.xml:
```xml
<context-param>
    <param-name>resteasy.document.expand.entity.references</param-name>
    <param-value>false</param-value>
</context-param>
```
I found this here; this issue is related to versions 7.7 and 8.4, but it may also work for older versions.

Martin
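To confirm that the setting from the answer above is actually present in a deployed descriptor, the following added example (not code from the original post or from RESTEasy) reads a `web.xml` and reports the state of the `resteasy.document.expand.entity.references` context parameter. The function names and the sample descriptors are constructed for illustration; whether the running RESTEasy version honors the parameter still has to be tested against the endpoint.

```python
import xml.etree.ElementTree as ET

PARAM = "resteasy.document.expand.entity.references"  # name taken from the answer


def local(tag):
    """Drop the '{namespace}' prefix so any web.xml schema version matches."""
    return tag.rsplit("}", 1)[-1]


def child_text(elem, name):
    """Return the stripped text of the first direct child called `name`."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None


def audit_web_xml(xml_text):
    """Classify the descriptor: 'disabled', 'enabled', 'unrecognized' or 'missing'."""
    values = [
        (child_text(e, "param-value") or "").lower()
        for e in ET.fromstring(xml_text)          # context-param sits under web-app
        if local(e.tag) == "context-param" and child_text(e, "param-name") == PARAM
    ]
    if not values:
        return "missing"                          # parameter never declared
    if all(v == "false" for v in values):
        return "disabled"                         # expansion switched off
    return "enabled" if "true" in values else "unrecognized"


# Constructed sample descriptors (hypothetical, for demonstration only).
HARDENED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <context-param>
    <param-name>resteasy.document.expand.entity.references</param-name>
    <param-value> false </param-value>
  </context-param>
</web-app>"""
EXPANDING = HARDENED.replace(" false ", "true")
NO_PARAM = "<web-app><display-name>demo</display-name></web-app>"

if __name__ == "__main__":
    for name, doc in [("hardened", HARDENED), ("expanding", EXPANDING),
                      ("no-param", NO_PARAM)]:
        print(name, "->", audit_web_xml(doc))
```

A result of `missing` means the application relies on whatever default its RESTEasy version ships with, so it deserves the same review as `enabled`.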