Re: DTD based XML attacks - referring to Apache CXF Security Advisory (CVE-2010-2076)

2010-08-09 Thread oferdit
Sergey Beryozkin-5 wrote:
>
> Hi
>
> On Mon, Aug 2, 2010 at 3:00 PM, Tal Maayani
> wrote:
>
>> Hi,
>>
>> According to your advice, in order to block DTD based XML attack one needs
>> to either use CXF version 2.2.9 or replace the default xml parser.
>>
>> There is an issue with (JAXRS) SourceP

2.2.10 tomorrow?

2010-08-09 Thread Daniel Kulp
Is everyone OK if I build 2.2.10 tomorrow sometime? I meant to try and do it today, but I'm still trying to catch up from everything that went on last week. Thus, I'm hoping to do it tomorrow.

--
Daniel Kulp
dk...@apache.org
http://dankulp.com/blog

Re: Out of memory error by jetty logs.

2010-08-09 Thread Daniel Kulp
Definitely try 2.2.9. That may help. Alternatively, set a JVM param of something like -XX:MaxPermSize=148m or similar. The default PermGen space is relatively small for many complex applications that use a lot of small classes. If you are using a 64-bit JVM it's especially bad as the space

Re: Regarding cxf service endpoint in glassfish

2010-08-09 Thread Daniel Kulp
Honestly, I'm not sure. I know WebSphere had a flag or something to have it not process the @WebService annotation things so CXF would work. I'm not sure if GlassFish does or not. One option that MAY work would be to NOT put an @WebService annotation on the Impl and configure it completely