Update git submodules
* Update swift from branch 'master' to 046430f08f1a34a6d3913bad3f7b5a0f7e486fc2 - Merge "s3api: Prevent XXE injections" - s3api: Prevent XXE injections Previously, clients could use XML external entities (XXEs) to read arbitrary files from proxy-servers and inject the content into the request. Since many S3 APIs reflect request content back to the user, this could be used to extract any secrets that the swift user could read, such as tempauth credentials, keymaster secrets, etc. Now, disable entity resolution -- any unknown entities will be replaced with an empty string. Without resolving the entities, the request is still processed. [CVE-2022-47950] Closes-Bug: #1998625 Co-Authored-By: Romain de Joux <romain.de-joux@ovhcloud.com> Change-Id: I84494123cfc85e234098c554ecd3e77981f8a096
This commit is contained in:
parent
f87ae21a2f
commit
bceb090a66
2
swift
2
swift
|
@ -1 +1 @@
|
|||
Subproject commit 5344ecf0e56e96c7c5bec3fba35c3bba4ed64180
|
||||
Subproject commit 046430f08f1a34a6d3913bad3f7b5a0f7e486fc2
|
Loading…
Reference in New Issue