Disable external entities resolution in the default XML parser to prevent XXE attacks

Description

The default behavior of Java XML parsers is to resolve external XML entities, which exposes any application that parses untrusted XML to XXE (XML External Entity) vulnerabilities.

By default, data.xml should initialize its XML parser with external entity (XXE) processing disabled.
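As an added illustration (not code from this issue or from data.xml itself), the StAX configuration that closes this hole: data.xml sits on javax.xml.stream, so the same two XMLInputFactory properties apply. The sample documents and the `example.invalid` URL are constructed; `hardened-input-factory` and `element-names` are names chosen here.

```clojure
(import '[javax.xml.stream XMLInputFactory XMLStreamConstants XMLStreamException]
        '[java.io StringReader])

(defn hardened-input-factory
  "XMLInputFactory that neither processes DTDs nor fetches external entities."
  []
  (doto (XMLInputFactory/newInstance)
    ;; Refuse DOCTYPE processing: no entity declarations, no external subset.
    (.setProperty XMLInputFactory/SUPPORT_DTD false)
    ;; Belt and braces: never resolve SYSTEM/PUBLIC entities even if a DTD slips through.
    (.setProperty XMLInputFactory/IS_SUPPORTING_EXTERNAL_ENTITIES false)))

(defn element-names
  "Parse xml-text with the hardened factory and return {:elements [...]} or a
   {:rejected reason} map when the document carries a DTD or an unexpanded
   entity reference. Rejecting at the DTD event, and catching the exception some
   StAX implementations throw instead, keeps the outcome the same whichever
   implementation is on the classpath."
  [xml-text]
  (let [reader (.createXMLStreamReader (hardened-input-factory) (StringReader. xml-text))]
    (try
      (loop [names []]
        (if (.hasNext reader)
          (let [ev (.next reader)]
            (condp = ev
              XMLStreamConstants/DTD
              {:rejected "document declares a DTD"}
              XMLStreamConstants/ENTITY_REFERENCE
              {:rejected (str "unexpanded entity reference &" (.getLocalName reader) ";")}
              XMLStreamConstants/START_ELEMENT
              (recur (conj names (.getLocalName reader)))
              (recur names)))
          {:elements names}))
      (catch XMLStreamException e
        {:rejected (.getMessage e)})
      (finally (.close reader)))))

;; Constructed samples: a benign document and one shaped like an XXE probe whose
;; external entity points at a placeholder that must never be fetched.
(def benign-xml "<order><item>widget</item></order>")
(def external-entity-xml
  (str "<!DOCTYPE order [<!ENTITY ext SYSTEM \"http://example.invalid/never-fetched\">]>"
       "<order><item>&ext;</item></order>"))

(comment
  (element-names benign-xml)
  (element-names external-entity-xml))
```

The benign document yields its element names; the second is rejected before any network or file access takes place, which is the behaviour the issue asks data.xml to provide by default.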

Environment

None

Assignee

Ryan Senior

Reporter

Carlo Sciolla

Labels

Approval

None

Patch

Code and Test

Priority

Critical