Files
Alex Osborne 96737799ed Enable XXE protection when parsing crawl job XML
Heritrix's Spring XML based job config format by design allows arbitrary code execution, so this doesn't realistically make things much safer, but I also don't see any reason we need external entity resolution enabled. I suppose there's a chance this could mitigate a generic automated attack that uses XXE but doesn't target Heritrix or Spring XML specifically.

Fixes #711
2026-03-02 10:11:38 +09:00
..