Fwd: Openfire should not pass through non-well-formed XML
mark at kingant.net
Wed Sep 22 14:44:21 EDT 2010
FYI, just keeping people up to date on two more emails about OpenFire
passing through invalid XML characters.
---------- Forwarded message ----------
From: Guus der Kinderen <guus.der.kinderen at gmail.com>
Date: Sun, Aug 22, 2010 at 12:21 PM
Subject: Re: Openfire should not pass through non-well-formed XML
To: Mark Doliner <mark at kingant.net>
Cc: daryl herzmann <akrherz at iastate.edu>,
"security at igniterealtime.org" <security at igniterealtime.org>
Daryl and me did some tests - things appear to be fixed now, for both
the HTTPBind / BOSH as regular socket interface. There are two
glitches that I'll solve when reworking the entire I/O implementation
(relates to surrogates and the 0x0 char).
Can you verify that the issue has otherwise been resolved at igniterealtime.org?
On 17 August 2010 18:21, Mark Doliner <mark at kingant.net> wrote:
> On Tue, Aug 17, 2010 at 4:36 AM, daryl herzmann <akrherz at iastate.edu> wrote:
>> I also noted that your reported issue occurs in Tigase. Hopefully we'll
>> figure out how to fix this.
> Oh I didn't realize that. Thanks for checking. I'll make sure
> they're aware of it.
More information about the security