This is the "future" feature being set for Xerces. Scott Nichol
----- Original Message ----- From: "Ted Leung" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, December 03, 2002 10:31 AM Subject: Re: Security Alert - Xerces] > The next version of Xerces-J will include a parser feature that will > turn off DOCTYPE processing. When activated, this feature will > prevent the entity expansion that causes this vulnerability. The Axis > team will be able to use this feature to close the hole. > > The URI for the parser feature will be > "http://apache.org/xml/features/disallow-doctype-decl" > > Ted > ----- Original Message ----- > From: "Ben Laurie" <[EMAIL PROTECTED]> > To: "Ted Leung" <[EMAIL PROTECTED]> > Sent: Wednesday, November 27, 2002 3:37 AM > Subject: [Fwd: Security Alert - Xerces] > > > > Here ya go. Please keep security@ copied on any followups... > > > > Cheers, > > > > Ben. > > > > -- > > http://www.apache-ssl.org/ben.html http://www.thebunker.net/ > > > > "There is no limit to what a man can do or how far he can go if he > > doesn't mind who gets the credit." - Robert Woodruff > > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>