[x3d-public] Log4j and what it means for encodings

[John Carlson]

Apparently there is a denial of service attack happening on log4j/struts/soap.   Imagine your X3D xml/json/VRML having millions of nested Groups and transforms.   How can we defend ourselves, and what limits can we set in place?  I do know tail recursion can help, but I’m not sure what happens when there are too many stack frames to open.

I know the standard talks about limits on these things, but is there a limit of depth of nested nodes in the standard?  I will do some googling.

Sent from my iPad