Bug 37261

Summary: Parsing web.xml from TldLocationsCache does not handle external entities
Product: Tomcat 5
Reporter: Greg Peterson <greg.peterson>
Component: Jasper
Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED
Severity: normal
CC: hgomez
Priority: P2
Version: 5.5.9
Target Milestone: ---
Hardware: All
OS: All

Description Greg Peterson 2005-10-27 05:48:19 UTC
This is similar to bug 34034.  The org.apache.jasper.compiler.TldLocationsCache
class parses the web.xml (again!).  The processWebDotXml method of this class
should be modified to create an InputSource over the InputStream, and set the
systemId of the InputSource to the URI of the web.xml document, similar to the
change made to org.apache.jasper.compiler.JspConfig for bug 34034.
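
The change requested above, shown with plain JAXP as an added example (not Tomcat's code and not part of the original report): a web.xml with a relative external entity is parsed once from a bare stream and once through an InputSource whose systemId is the document's URI. The class name, file names and XML content are constructed for the demonstration.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class SystemIdDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample: web.xml pulls in a sibling file via a relative external entity.
        Path dir = Files.createTempDirectory("webinf");
        Files.write(dir.resolve("taglibs.xml"),
            ("<taglib><taglib-uri>/demo</taglib-uri>"
             + "<taglib-location>/WEB-INF/demo.tld</taglib-location></taglib>")
                .getBytes(StandardCharsets.UTF_8));
        Path webXml = dir.resolve("web.xml");
        Files.write(webXml,
            ("<?xml version=\"1.0\"?>\n"
             + "<!DOCTYPE web-app [ <!ENTITY taglibs SYSTEM \"taglibs.xml\"> ]>\n"
             + "<web-app>&taglibs;</web-app>").getBytes(StandardCharsets.UTF_8));

        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();

        // Bare stream: the parser has no base URI for "taglibs.xml". The JDK's
        // bundled parser typically falls back to the working directory, so the
        // entity is not found (or the wrong file is read).
        try (InputStream in = Files.newInputStream(webXml)) {
            factory.newDocumentBuilder().parse(new InputSource(in));
            System.out.println("no systemId: parsed (entity resolved against working directory)");
        } catch (Exception e) {
            System.out.println("no systemId: " + e);
        }

        // Same stream wrapped in an InputSource that carries the document's URI:
        // the relative entity now resolves next to web.xml.
        try (InputStream in = Files.newInputStream(webXml)) {
            InputSource source = new InputSource(in);
            source.setSystemId(webXml.toUri().toString());
            Document doc = factory.newDocumentBuilder().parse(source);
            String uri = doc.getElementsByTagName("taglib-uri").item(0).getTextContent();
            System.out.println("with systemId: taglib-uri = " + uri);
        }
    }
}
```
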
Comment 1 william.barker 2005-11-07 03:09:25 UTC
This is now fixed in the SVN trunk, and will appear in 5.5.13.
Comment 2 william.barker 2005-11-07 04:17:46 UTC
*** Bug 37143 has been marked as a duplicate of this bug. ***