Play Framework Java XML External Entity Vulnerability

James Roper

Oct 7, 2014, 4:29:32 PM
to play-framew...@googlegroups.com
A security vulnerability has been found in all versions of Play Framework up to and including 2.3.4.  It affects users of the Play Framework Java XML API, including users of the XML methods made available by the WS client API.

This vulnerability has been fixed in Play 2.3.5, and workarounds have been published for other major versions of Play.

The Play team recommends that all Play Java users assess their application to see if they are using the affected APIs, and if so, upgrade to Play 2.3.5 or implement one of the published workarounds.

For details on this vulnerability, including the workarounds, please see the vulnerability advisory on the Play website:

http://www.playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity

Regards,

--
James Roper
Software Engineer

Typesafe – Build reactive apps!
Twitter: @jroper