[xmlsec] New xmlsec 1.2.17 release
Michael Stahl
michael.x.stahl at oracle.com
Fri Apr 1 07:37:22 PDT 2011
On 01/04/2011 16:26, Aleksey Sanin wrote:
> forbid any access to file system as it is done in the following
>>> commits:
>>>
>>>
>>> http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
>>> http://trac.webkit.org/changeset/79159
>> in the commit the problem is fixed by using xsltSetDefaultSecurityPrefs.
>> this sets the security prefs for the whole process (a global variable).
>> ....
> These are examples of how to fix the problem in the aplicaiton. The actual
> change in xmlsec library itself is here
of course, you are right :)
had assumed those changes were for the library itself...
> http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
so libxmlsec itself is already using xsltSetCtxtSecurityPrefs!
very good, sorry for the noise, should have read more carefully...
> Aleksey
regards,
michael
--
"I have left orders to be awakened at any time in case of national
emergency, even if I'm in a cabinet meeting." -- Ronald Reagan
More information about the xmlsec
mailing list