[BUG] eXist-db 6 config is not properly secured

[adamretter]

There was a change made to the eXist-db 5 conf.xml and web.xml templates in 2021 to secure processing of XML entities, and also to disable acceptance of un-authenticated XQuery POST requests. The commit is here - 45e9b68

However, this change does not appear to have been applied for the eXist-db 6 conf.xml and web.xml templates. I am wondering what the decision was for this not being done? Would a Pull Request to fix this be accepted?

[chakl]

That's possibly an oversight. We will look into this.

[windauer]

fixed by commit 5dfefd8

[windauer]

reopening cause there might be other things to check. Needs review.