Fix XXE in parsing SAML messages

Implement recommended fix from https://simplesamlphp.org/security/202412-01
catalyst · Dec 13, 2024 · f521ffd · f521ffd
1 parent 085062a
commit f521ffd
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.extlib/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php b/.extlib/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php
@@ -38,7 +38,7 @@ public static function fromString(string $xml) : DOMDocument
         libxml_clear_errors();
 
         $domDocument = self::create();
-        $options = LIBXML_DTDLOAD | LIBXML_DTDATTR | LIBXML_NONET | LIBXML_PARSEHUGE;
+        $options = LIBXML_NONET | LIBXML_PARSEHUGE;
         if (defined('LIBXML_COMPACT')) {
             $options |= LIBXML_COMPACT;
         }