Stream: implementers
Topic: DSTU2 Technical Correction
Grahame Grieve (May 16 2016 at 04:50):
A technical correction will be posted to DSTU2 tomorrow morning US time. The technical correction makes 2 changes to the published DSTU:
- add a note encouraging implementers not to use XML entities (and referencing description of XXE attack on OWASP)
- update the validator included in DSTU2 to reject entities in XML (the real reason for the release)
Brian Postlethwaite (Jun 06 2016 at 02:35):
@Grahame Grieve, if I recall you have a version of the DSTU2 profiles that have all the correct Fluentpath expressions in it?
I would like to update the current dotnet client to have these inside if possible please?
Grahame Grieve (Jun 06 2016 at 06:29):
only invariants, sorry. I didn't do search
Brian Postlethwaite (Jun 06 2016 at 06:38):
Thanks.
Last updated: Apr 12 2022 at 19:14 UTC
