  1. OpenMRS Core
  2. TRUNK-4819

XStream serializer should ignore proxies, XML entities and disable Spring EL support

    Details

    • Complexity:
      Medium

      Description

      XStream serializer should ignore proxies and XML entities; we also need to disable Spring EL support, because they expose an OpenMRS instance to attackers via Remote Method Execution

            People

            Assignee:
            wyclif Wyclif Luyima
            Reporter:
            wyclif Wyclif Luyima

              Dates

              Created:
              Updated:
              Resolved: