thanks.
On Mon, Jun 3, 2013 at 2:59 PM, Alan Bateman <alan.bate...@oracle.com>wrote: > On 02/06/2013 22:05, Ali Ebrahimi wrote: > >> I update to jdk8b92 and almost all apps deals with xml parsing breaks. >> in other word, current default value for XMLConstants.ACCESS_EXTERNAL_** >> DTD >> property is empty string. This should be at least change to "file". >> > Yes, the defaults are problematic and are due to be re-examined (but > thanks anyway, it's just more evidence that the right thing is to opt-in to > have more secure processing rather than requiring the rest of the world to > opt-out). > > I don't know if you are on jdk8-dev but Joe Wang posted a note about this > recently: > > http://mail.openjdk.java.net/**pipermail/jdk8-dev/2013-May/**002554.html<http://mail.openjdk.java.net/pipermail/jdk8-dev/2013-May/002554.html> > > -Alan. >
