I host a PlantUML server. I am slightly concerned at the ability to include arbitrary URLs or files via the server (for example, if we were to allow access to PlantUML for external users).
I noticed that on the PlantUML demo server (http://plantuml.com/plantuml) the ability to !include random files is blocked. For example the image described below renders with the footer containing the literal string "!include /etc/passwd" on the demo server, but instead the footer contains the contents of /etc/passwd when rendered by my server. However, the image also includes standard library entries, so !include is not completely disabled.
s3_internal <- s3_partner
What I would like to know is - is it possible for me to disable !include of random files in my own PlantUML server? And if so, how? I am running the server version 1.2019.1.
Thanks to anyone who can help!