Hi,The issue is that the limits applied to each processing process rather than each file processing. This applies to not only StAX as reported, but also other parsers and validators. The fix is to add reset to XMLSecurityManager and call it upon each file processing. XSLT Transform is verified fixed as the underlying parsers are fixed.
webrev: http://cr.openjdk.java.net/~joehw/jdk8/8028111/webrev/ Thanks, Joe
