On 17/04/2020 at 23:10, Salvatore Bonaccorso wrote:
> The following vulnerability was published for dom4j.
>
> CVE-2020-10683[0]:
> XML External Entity vulnerability in default SAX parser
>
> [2] https://github.com/dom4j/dom4j/commit/a822852 (Patch)

The upstream patch doesn't fix anything: the constructor of SAXReader still allows external entities by default, but the documentation now suggests disabling them.

Emmanuel Bourg