XXE attacks

Harrie Hazewinkel

unread,

Jul 26, 2019, 3:31:38 AM7/26/19

to dropwizard-dev

Hello all,

Is there a way to avoid an XXE attack?

I am basically looking for configuration options to prevent

processing of the DOCTYPE already inside DropWizard.

regards,

Harrie

Steve Kradel

unread,

Jul 26, 2019, 9:47:12 AM7/26/19

to dropwizard-dev

AFAICT XML support is not a standard part of Dropwizard, and it's unclear what is meant by "DOCTYPE already inside DropWizard." Have you added something to your application to support parsing inbound XML?

Harrie Hazewinkel

unread,

Jul 27, 2019, 5:43:38 AM7/27/19

to dropwiz...@googlegroups.com

Hey,

We have added some indeed and I need to check that part.

I was looking in the wonrg place.

Thanks for the answer or suggestion to get me on the right path.

regards,

Harrie

--
You received this message because you are subscribed to the Google Groups "dropwizard-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dropwizard-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dropwizard-dev/3b1ec8df-d589-4d97-b0d2-982fc403ccee%40googlegroups.com.

Reply all

Reply to author

Forward