-
Notifications
You must be signed in to change notification settings - Fork 278
3.12.0 Upgrade Guide
In 3.12.0, we address a potential security risk regarding XML External Entity Processing. See this OWASP article for more details about the vulnerability.
In order to mitigate risk, we now disallow DOCTYPE declarations in all areas the Mirth Connect that parse XML.
If any of your channels or code templates are constructing XML messages that contain DOCTYPE declarations, there will now be an error when that XML is parsed by Connect.
Similarly, if any of your channels receives XML messages that contain DOCTYPE declarations, those messages will error upon parsing.
The PDFBox library has been updated from version 1.8.4 to 2.0.24 in Connect version 3.12.0.
Since the library has been updated from 1.x to 2.x, if you are using any classes from PDFBox directly, you may need to change how you have implemented your PDF solutions around this library.
Previously, while local paths to images may have worked without being proper URIs, it was never intended functionality, and with the change of PDF libraries in 3.12.0, you must now use a proper file URI when adding images to your PDF.
For example, this will not work:
<img src="/data/images/image1.png"></img>But this does work:
<img src="file:///data/images/image1.png"></img>- Home
- Frequently Asked Questions
- Source Code Contribution
- Java Licensing
- How to Contribute to the Wiki
- Administrator Launcher (MCAL)
-
Mirth Connect
-
Release Notes
- 4.5.0 - What's New
- 4.4.0 - What's New
- 4.3.0 - What's New
- 4.2.0 - What's New
- 4.1.0 - What's New
- 4.0.0 - What's New
- 3.12.0 - What's New
- 3.11.0 - What's New
- 3.10.0 - What's New
- 3.9.0 - What's New
- 3.8.0 - What's New
- 3.7.0 - What's New
- 3.6.0 - What's New
- 3.5.0 - What's New
- 3.4.0 - What's New
- 3.3.0 - What's New
- 3.2.0 - What's New
- 3.1.0 - What's New
- 3.0.0 - What's New
- Upgrading
-
Release Notes
- User Guide
- Commercial Extensions
- Examples and Tutorials