[x3d-public] Log4j and what it means for encodings
John Carlson
yottzumm at gmail.com
Sat Dec 11 13:37:11 PST 2021
Apparently there is a denial of service attack happening on log4j/struts/soap. Imagine your X3D xml/json/VRML having millions of nested Groups and transforms. How can we defend ourselves, and what limits can we set in place? I do know tail recursion can help, but I’m not sure what happens when there are too many stack frames to open.
I know the standard talks about limits on these things, but is there a limit of depth of nested nodes in the standard? I will do some googling.
Sent from my iPad
More information about the x3d-public
mailing list