Hi,
On Jul 9, 2009, at 11:45 AM, Thomas Matthijs wrote:
> Have you filed a bug about this?
https://jersey.dev.java.net/issues/show_bug.cgi?id=323
Tim, what servers have you tried this on? Have you tried, say, Tomcat or
GF?
Potentially XXE attacks might be easier from within embedded
containers like Grizzly that do not isolate the deployed applications.
> Seems rather important for getting no replies
>
Been away on vacation...
I need to check if app servers like GF disable this by default, or
there are certain restrictions in terms of file access. I will send an
email to users_at_glassfish.dev.java to try and get more info on this.
Paul.