[basex-talk] Security problem in 11.9?

2 May 2025


      Hello everyone on the list!
There is a change between 11.8 and 11.9, related to security settings.
This has to do with the following document:
<?xmlversion="1.0"?>
<!DOCTYPEfoo[
<!ELEMENT foo ANY >
<!ENTITYxxe SYSTEM "file:///">
]>
<foo>&xxe;</foo>
When parsing this document, BaseX11.8 threw an error with code 
err:FODC0002, which means that the resource cannot be retrieved.
BaseX 11.9 gives a listing of the root directory of my computer. This 
can be used to retrieve all files on my computer, which is a security risk.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[basex-talk] Security problem in 11.9?