Hello, I am a security researcher worried about the threat of XXE in Java parsers.
https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing

Java 8 made the choice to disable External Entities by default and I'd love to see Xerces2 make the same choice. This is a pretty serious risk to be left on by default.

Has there been any discussion on this before? Forgive me if I am late to the game here.

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805