mirror of
https://github.com/internetarchive/heritrix3.git
synced 2026-07-13 19:17:18 +00:00
96737799ed
Heritrix's Spring XML based job config format by design allows arbitrary code execution, so this doesn't realistically make things much safer, but I also don't see any reason we need external entity resolution enabled. I suppose there's a chance this could mitigate a generic automated attack that uses XXE but doesn't target Heritrix or Spring XML specifically. Fixes #711