Stefan Sperling wrote on Sat, Apr 23, 2016 at 18:31:39 +0200: > On Sat, Apr 23, 2016 at 05:55:23PM +0200, Florian Weimer wrote: > > It seems that mod_dontdothat creates an Expat XML parser without > > inhibiting XML entity expansion for the internal DTD subset. This > > might cause a denial-of-service issue when parsing client-submitted > > XML. > > > > There are other pieces of code in Subversion which also create Expat > > parsers this way, but they are in the client code, so there is less > > exposure. > > > > May I file an issue for this? > > Sure.
You can simply email the details to d...@subversion.apache.org, in addition to or instead of opening a jira ticket [jira is under a temporary lockdown right now]. Thanks, Daniel
