Hello,

I have seen that Camel has a built-in type converter for XML, with the org.apache.camel.converter.jaxp.XmlConverter.
Is this XmlConverter already preconfigured to protect against XML External Entity attacks? (https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet)

I have seen that CAMEL-8311 <https://issues.apache.org/jira/browse/CAMEL-8311> was implemented to prevent XXE.

Compared with the recommendation of OWASP, the XmlConverter misses some settings, e.g.:

http://apache.org/xml/features/nonvalidating/load-external-dtd
http://xml.org/sax/features/external-parameter-entities

Is this covered somewhere else, or is this something we need to configure ourselves if we want to use a secure XML converter?

Best regards,
Thomas
