Hello. There's been a lot going around lately about XML External Entity definitions and how they (and related constructs) can be exploited in nefarious ways.
Does xmlbeans set safe defaults for 'features' on xml processors? If not, are the base objects accessible to developers (users of xmlbeans) so that processing 'features' can be set? Thanks -- Jon Gorrono PGP Key: 0x5434509D - http{pgp.mit.edu:11371/pks/lookup?search=0x5434509D&op=index} http{middleware.ucdavis.edu} --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@xmlbeans.apache.org For additional commands, e-mail: user-h...@xmlbeans.apache.org