-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[XSDLookUp] Updated entity resolver to not fallback to network lookup when xsd is not found #135
Comments
➤ karen.a.taggart commented: question from Adrian Velonis Hi Karen, can you clarify what docs needs to do for this ticket "[XSDLookUp] Updated entity resolver to not fallback to network lookup when xsd is not found"? |
➤ karen.a.taggart commented: Nathan Voxland can you take a look at this and help out Adrian Velonis ? I have to admit I am not following how the PR changed the end user experience and how that should be reflected in the user docs. Feel free of course to just submit a docs PR with your draft. If you do that, please just let me know and I will close this ticket. Thanks! KT |
➤ Nathan Voxland commented: We don’t have to change any of our headers or anything. What changed is that if a user is referencing an XSD other than one of ours, Liquibase will no longer automatically download the XSD from the internet and use it. Instead, they will get an error of Unable to resolve xml entity locally: liquibase.secureParsing is set to 'true' which does not allow remote lookups. Set it to 'false' to allow remote lookups of xsd files. Their options are either:
So normal Liquibase usage isn’t impacted. It’s only people who are using custom or extension XSDs which aren’t already included in their local jars. |
➤ Erzsebet Carmean commented: Nataliya Melnyk, hello - This change prevents Liquibase from looking on the internet for a missing XSD files referenced in a changelog. This is useful when there is no internet connection from the database or if there is an outage on the Liquibase site hosting the XSDs. This change is also more secure, as it leverages the FEATURE_SECURE_PROCESSING setting in the XML parser to limit the ability to “look anywhere” for files. This XML parser parameter is configured in Liquibase using the Liquibase SECURE_PROCESSING global parameter. The default for for SECURE_PROCESSING is true, which stops Liquibase from looking on the internet for missing XSDs. The SECURE_PROCESSING can be disabled using any of the normal Liquibase configuration options. Global Parameter : --secure-parsing=PARAM This comment in the PR has my test notes: CC karen.a.taggart |
➤ karen.a.taggart commented: Adrian Velonis see below from Erzsebet Carmean and Nathan Voxland Thanks! |
https://github.com/liquibase/liquibase/pull/2558
┆Issue is synchronized with this Jira Story by Unito
The text was updated successfully, but these errors were encountered: