Uploaded image for project: 'OpenMRS Core'
  1. OpenMRS Core
  2. TRUNK-4819

Xstream serilaizer should ignore proxies, xml entities and disable spring EL support

    XMLWordPrintable

    Details

    • Complexity:
      Medium

      Description

      Xstream serilaizer should ignore proxies, xml entities, we also need to disable spring EL support because they expose an OpenMRS instance to attackers via to Remote Method Execution

        Gliffy Diagrams

          Attachments

            Activity

              People

              Assignee:
              wyclif Wyclif Luyima
              Reporter:
              wyclif Wyclif Luyima
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: