This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch camel-2.x in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/camel-2.x by this push: new 85043c3 Disable external entities for schematron component 85043c3 is described below commit 85043c375d22f151e41aaa0a5f51ee1cf88a9300 Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Fri Oct 11 10:37:17 2019 +0100 Disable external entities for schematron component --- .../schematron/processor/SchematronProcessorFactory.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/components/camel-schematron/src/main/java/org/apache/camel/component/schematron/processor/SchematronProcessorFactory.java b/components/camel-schematron/src/main/java/org/apache/camel/component/schematron/processor/SchematronProcessorFactory.java index 13f146e..1f098da 100644 --- a/components/camel-schematron/src/main/java/org/apache/camel/component/schematron/processor/SchematronProcessorFactory.java +++ b/components/camel-schematron/src/main/java/org/apache/camel/component/schematron/processor/SchematronProcessorFactory.java @@ -69,7 +69,15 @@ public final class SchematronProcessorFactory { */ private static XMLReader getXMLReader() throws ParserConfigurationException, SAXException { final SAXParserFactory fac = SAXParserFactory.newInstance(); - fac.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + try { + fac.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + fac.setFeature("http://xml.org/sax/features/external-general-entities", false); + fac.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + fac.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + } catch (ParserConfigurationException | SAXException ex) { + // LOG.debug("Error setting feature on parser: " + + // ex.getMessage()); + } fac.setValidating(false); final SAXParser parser = fac.newSAXParser(); XMLReader reader = parser.getXMLReader();