On 3/4/15, 5:08 PM, "Jim Manico" <j...@manico.net> wrote:
>With respect, XXE is a massive vulnerability that is turned off by
>default in Java 8 as well as IBM parsers. Is there any proof or risk
>model I could provide to convince Xerces to turn this off by default?

+1

And it's not the only unfixed vulnerability in play (per the note I just sent).

-- Scott