Ben McIlwain 0030645b1a Harden XML parsing, serialization, and randomness (#3075) ...

This commit introduces several security hardening improvements across the codebase:
1. XML Processing: Hardened `TransformerFactory` and `SchemaFactory` instantiations in `EppMessage.java` by explicitly enabling `XMLConstants.FEATURE_SECURE_PROCESSING` and disabling external schema access.
2. Randomness: Replaced instances of `java.util.Random` with `java.security.SecureRandom` in `SelfSignedCaCertificate.java` for stronger entropy. (Added documentation in `ProxyModule.java` explaining why `java.util.Random` is intentionally retained there for metrics sampling).
3. Deserialization: Hardened `SerializeUtils.java` by injecting an `ObjectInputFilter` into the `ObjectInputStream`, restricting deserialization strictly to expected `google.registry` classes and standard Java collections.

2026-06-01 14:25:42 +00:00

..

kubernetes

Update proxy and nomulus cluster resources (#2858)

2025-10-24 20:19:41 +00:00

src

Harden XML parsing, serialization, and randomness (#3075)

2026-06-01 14:25:42 +00:00

terraform

Remove whois networking from the proxy (#2976)

2026-03-04 20:14:42 +00:00

.gitignore

Refactor to be more in line with a standard Gradle project structure

2019-06-13 09:41:11 -04:00

build.gradle

Complete Joda-Time to java.time migration (#3039)

2026-05-13 16:07:19 +00:00

buildscript-gradle.lockfile

Upgrade to Gradle 7.0 (#1712)

2022-07-26 11:41:27 -04:00

deploy-proxy-for-env.sh

Update proxy resources, increase ssl handshake timeout (#2819)

2025-09-05 18:09:55 +00:00

Dockerfile

Upgrade to Java 25 (#3000)

2026-04-02 21:23:00 +00:00

gradle.lockfile

Uncap most remaining dependencies (#3073)

2026-05-30 02:33:02 +00:00