pgjdbc/pgjdbc GitHub issues and pull requests (mirror)  
From: sehrope (@sehrope) <[email protected]>
To: pgjdbc/pgjdbc <[email protected]>
Subject: Re: [pgjdbc/pgjdbc] issue #3747: Can not set custom PGXmlFactoryFactory
Date: Tue, 29 Jul 2025 13:29:48 +0000
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>
References: <[email protected]>

You're right. I don't think that code ever worked and has been broken since the CVE fix that added it: 14b62aca4764d496813f55a43d050b017e01eb65

You might be the first person to ever actually use it too. Prior to that the XML factory could not be overridden. The override was added as an escape hatch to allow for users that need something separate from the old insecure behavior (via the legacy `LEGACY INSECURE` option) or the new default secure behavior. But the default and legacy processing branches do not perform any of those checks as it directly instantiates them.

If you open a PR for this (I think it's just reversing that if-statement) I'll take a look later today.
