Hi Jim, Requesting you to please, create a separate thread on "dev" list to discuss this issue. You may also either create a Xerces bug or an improvement request in JIRA.
On Mon, Apr 30, 2018 at 9:43 PM, Jim Manico <[email protected]> wrote: > Forgive this disruption but Xerces allows external entity resolution to be > enabled by default with is a major vulnerability. A simple config setting > change would turn this, rightfully, off by default. > > For more info please see https://cwe.mitre.org/data/definitions/611.html > > -- > Jim Manico > @Manicode > Secure Coding Education > +1 (808) 652-3805 > > -- Regards, Mukul Gandhi
