[jira] [Updated] (BATIK-1276) Allow blocking of external resources

Simon Steiner (Jira)

     [ https://issues.apache.org/jira/browse/BATIK-1276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Simon Steiner updated BATIK-1276:
---------------------------------
    Description:
java -cp batik/lib/*:batik/batik-1.13.0-SNAPSHOT/lib/batik-all-1.13.0-SNAPSHOT.jar org.apache.batik.apps.rasterizer.Main -scriptSecurityOff -blockExternalResources test.svg

 

Should stop xlink:href value being read

 

Fixes CVE-2019-17566

  was:
java -cp batik/lib/*:batik/batik-1.13.0-SNAPSHOT/lib/batik-all-1.13.0-SNAPSHOT.jar org.apache.batik.apps.rasterizer.Main -scriptSecurityOff -blockExternalResources test.svg

 

Should stop xlink:href value being read


> Allow blocking of external resources
> ------------------------------------
>
>                 Key: BATIK-1276
>                 URL: https://issues.apache.org/jira/browse/BATIK-1276
>             Project: Batik
>          Issue Type: Bug
>            Reporter: Simon Steiner
>            Assignee: Simon Steiner
>            Priority: Major
>             Fix For: 1.13
>
>         Attachments: test.svg
>
>
> java -cp batik/lib/*:batik/batik-1.13.0-SNAPSHOT/lib/batik-all-1.13.0-SNAPSHOT.jar org.apache.batik.apps.rasterizer.Main -scriptSecurityOff -blockExternalResources test.svg
>  
> Should stop xlink:href value being read
>  
> Fixes CVE-2019-17566



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
