We're updating the issue view to help you get more done. 

CVE-2020-10683 Update dom4j to 2.1.3 or later

Description

As reported by Github, Openfire should update dom4j:

CVE-2020-10683
high severity
*Vulnerable versions:* < 2.1.3
*Patched version:* 2.1.3
dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

Environment

None

Acceptance Test - Entry

None

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Priority

Major
Configure