Bug #27006
Updated by François ARMAND 3 months ago
JGit used in futur Rudder 9.0 has an XXE: https://github.com/Normation/rudder/security/dependabot/179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4949
We aren't effected since we don't parse external repo or S3 bucket in our use case.