[ https://issues.apache.org/jira/browse/MCHECKSTYLE-375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Enrico Olivelli reassigned MCHECKSTYLE-375:
-------------------------------------------

    Assignee: Enrico Olivelli

> Upgrade all test XML doctypes
> -----------------------------
>
>                 Key: MCHECKSTYLE-375
>                 URL: https://issues.apache.org/jira/browse/MCHECKSTYLE-375
>             Project: Maven Checkstyle Plugin
>          Issue Type: Improvement
>          Components: checkstyle:check, checkstyle:checkstyle
>    Affects Versions: 3.0.0
>            Reporter: richard
>            Assignee: Enrico Olivelli
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The tests used to test maven-checkstyle are using old DTDs and unsecure
> "http" locations. This is related to CVE-2019-9658. The security issue is in
> the parser that is used to parse this file. It leaves any code that parses
> this file vulnerable to XXE via a MITM.
>
> All doctypes used in maven-checkstyle repo (configurations, suppressions,
> import controls, etc...) should be updated to use the latest URL and public
> DOCTYPEs.
> Example:
> ````
> <!DOCTYPE module PUBLIC
>     "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
>     "https://checkstyle.org/dtds/configuration_1_3.dtd">
> ````

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
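
A check that could be run over the repository to find the doctypes the issue asks to upgrade, as an added example that is not part of the original message or the plugin's code: it flags every DOCTYPE whose DTD system identifier uses a cleartext scheme. The function names, the `CLEARTEXT_SCHEMES` set and the `http://` sample are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path
from urllib.parse import urlparse

# <!DOCTYPE root PUBLIC "pubid" "sysid"> or <!DOCTYPE root SYSTEM "sysid">,
# either quote style, declaration allowed to span several lines.
DOCTYPE_RE = re.compile(
    r"""<!DOCTYPE\s+(?P<root>[^\s>\[]+)\s+
        (?:PUBLIC\s+(?P<q1>["'])(?P<public>.*?)(?P=q1)\s+|SYSTEM\s+)
        (?P<q2>["'])(?P<system>.*?)(?P=q2)""",
    re.VERBOSE | re.DOTALL,
)
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)
CLEARTEXT_SCHEMES = {"http", "ftp"}  # assumption: schemes fetched without transport integrity

# Constructed sample: the page's example doctype with the scheme downgraded to http.
SAMPLE_HTTP = """<?xml version="1.0"?>
<!DOCTYPE module PUBLIC
    "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
    "http://checkstyle.org/dtds/configuration_1_3.dtd">
<module name="Checker"/>
"""

def find_insecure_doctypes(xml_text):
    """Return (root, public_id, system_id) for DOCTYPEs whose DTD URL is cleartext."""
    findings = []
    # Drop XML comments first so commented-out declarations are not reported.
    for m in DOCTYPE_RE.finditer(COMMENT_RE.sub("", xml_text)):
        system_id = m.group("system")
        if urlparse(system_id).scheme.lower() in CLEARTEXT_SCHEMES:
            findings.append((m.group("root"), m.group("public"), system_id))
    return findings

def scan_tree(root):
    """Map each *.xml file under root that has a cleartext DTD URL to its findings."""
    report = {}
    for path in sorted(Path(root).rglob("*.xml")):
        hits = find_insecure_doctypes(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

if __name__ == "__main__":
    print(find_insecure_doctypes(SAMPLE_HTTP))
    for name, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for root_elem, _public, system_id in hits:
            print(f"{name}: <!DOCTYPE {root_elem}> loads {system_id}")
```

Relative system identifiers carry no scheme and are not reported; whether they reach the network depends on the base URI the parser resolves them against.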