This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ws-neethi.git
commit ee4bce032de4826976f79aa86bf985a80162e336
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Tue Apr 21 09:57:08 2026 +0100
Harden XMLStreamReader creation
---
 src/main/java/org/apache/neethi/PolicyBuilder.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/apache/neethi/PolicyBuilder.java b/src/main/java/org/apache/neethi/PolicyBuilder.java
index 65eabf7..ab82358 100644
--- a/src/main/java/org/apache/neethi/PolicyBuilder.java
+++ b/src/main/java/org/apache/neethi/PolicyBuilder.java
@@ -95,7 +95,10 @@ public class PolicyBuilder {
 */
 public Policy getPolicy(InputStream inputStream) {
 try {
- XMLStreamReader reader = XMLInputFactory.newInstance().createXMLStreamReader(inputStream);
+ XMLInputFactory xif = XMLInputFactory.newInstance();
+ xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
+ xif.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
+ XMLStreamReader reader = xif.createXMLStreamReader(inputStream);
 return getPolicy(reader);
 } catch (RuntimeException ex) {
 throw ex;
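Review bot: The DTD and external-entity restrictions are applied only to the factory built inside `getPolicy(InputStream)`, so any other method of `PolicyBuilder` that still calls `XMLInputFactory.newInstance().createXMLStreamReader(...)` directly would keep parsing untrusted policy XML with the implementation defaults; none is visible in this hunk, so the rest of the file needs checking. Moving the three configuration lines into one private helper, e.g. `private static XMLInputFactory createSecureInputFactory()`, and using it at every creation site keeps the settings from drifting apart. A short comment above the `setProperty` calls, such as `// Untrusted policy input: disable DTDs and external entities (XXE, entity expansion)`, would record why they are there. The commit touches one file, so a regression test that feeds a policy carrying a DOCTYPE and asserts it is rejected is also worth adding. The body of `getPolicy` continues past the end of the hunk.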
