Oved Ourfali has submitted this change and it was merged. Change subject: core: fix CVE-2014-3573 ...................................................................... core: fix CVE-2014-3573 single place in which DocumentBuilderFactory is constructed to apply security settings. Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1139000 Change-Id: Icf27db1ec13b6a16d9b7c77fd9710e8e6f6ec3c9 Signed-off-by: Alon Bar-Lev <alonbl@redhat.com> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InstallerMessages.java A backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/SecureDocumentBuilderFactory.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/XmlUtils.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ovf/xml/XmlDocument.java 4 files changed, 26 insertions(+), 4 deletions(-) Approvals: Roy Golan: Verified; Looks good to me, approved -- To view, visit http://gerrit.ovirt.org/32622 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Icf27db1ec13b6a16d9b7c77fd9710e8e6f6ec3c9 Gerrit-PatchSet: 3 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.4 Gerrit-Owner: Alon Bar-Lev <alonbl@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alonbl@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourfali@redhat.com> Gerrit-Reviewer: Roy Golan <rgolan@redhat.com> Gerrit-Reviewer: oVirt Jenkins CI Server