[xmlsec] New xmlsec 1.2.17 release

Michael Stahl michael.x.stahl at oracle.com
Fri Apr 1 07:37:22 PDT 2011

On 01/04/2011 16:26, Aleksey Sanin wrote:
> forbid any access to file system as it is done in the following
>>>     commits:
>>> http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
>>>      http://trac.webkit.org/changeset/79159
>> in the commit the problem is fixed by using xsltSetDefaultSecurityPrefs.
>> this sets the security prefs for the whole process (a global variable).
>> ....
> These are examples of how to fix the problem in the aplicaiton. The actual
> change in xmlsec library itself is here

of course, you are right :)
had assumed those changes were for the library itself...

> http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa

so libxmlsec itself is already using xsltSetCtxtSecurityPrefs!

very good, sorry for the noise, should have read more carefully...

> Aleksey


"I have left orders to be awakened at any time in case of national
 emergency, even if I'm in a cabinet meeting." -- Ronald Reagan

More information about the xmlsec mailing list