Skip to content

Commit

Permalink
Merge pull request #2121 from GDLMadushanka/security
Browse files Browse the repository at this point in the history 
Disable external entity support in javax.xml
  • Loading branch information
@isudana
isudana authored Dec 8, 2023
2 parents 47cf14f + 8dd2459 commit a2a3908
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions .../core/src/main/java/org/apache/synapse/mediators/transform/pfutils/TemplateProcessor.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -533,6 +533,7 @@ protected void handleException(String msg) {
public void readInputFactoryProperties() {
//ignore DTDs for XML Input
inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
inputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
inputFactory.setProperty(XMLInputFactory.IS_COALESCING, true);
Map props = StAXUtils.loadFactoryProperties("XMLInputFactory.properties");
if (props != null) {
Expand Down

0 comments on commit a2a3908

Please sign in to comment.