Hi JDK is using Xerces by default for StAX and some other XML related APIs.
This implementation uses com.sun.org.apache.xerces.internal.utils.XMLSecurityManager as the XML security manager and has a limit of com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit#TOTAL_ENTITY_SIZE_LIMIT (5,000,000) enabled by default. Is there a way to programmatically disable this limit when using StAX? For example, when creating an XMLInputFactory and XMLEventReader: final XMLInputFactory inputFactory = XMLInputFactory.newInstance(); final XMLEventReader eventReader = inputFactory.createXMLEventReader(inputStream); Best regards, Behrang Saeedzadeh