Eliminate all remote schema imports in embedded schemas
Basics
Logistics
Basics
Logistics
Description
Given Spring isn’t likely to consider their remotely capable entity resolution on imported schemas a bug, their position will be that it’s our fault for allowing URLs into our “trusted” XML. We should therefore change all the schemas to rely on locally overridden locations we can trap in the handler mappings and ensure that no accidents occur on them. We have hardened this, but there’s no guarantee.
Environment
None
Activity
Scott Cantor January 3, 2023 at 3:33 PM
Going to schedule this for V5, as I seem to recall this is another of those “we try this every 5 years and it never works for some reason” situations.
Given Spring isn’t likely to consider their remotely capable entity resolution on imported schemas a bug, their position will be that it’s our fault for allowing URLs into our “trusted” XML. We should therefore change all the schemas to rely on locally overridden locations we can trap in the handler mappings and ensure that no accidents occur on them. We have hardened this, but there’s no guarantee.