This is an automated email from the ASF dual-hosted git repository. sseifert pushed a commit to branch feature/SLING-12529-factories-thread-safe in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-testing-osgi-mock.git
commit 1038ec7f96b65cf315c2cb006af4263db6032334 Author: Stefan Seifert <[email protected]> AuthorDate: Mon Dec 9 17:24:31 2024 +0100 Revert "SLING-12528 Fix "XML parsers should not be vulnerable to XXE attacks" (#46)" This reverts commit 286f67628e2b337e9d0be9e0d246b5c9fe51a3fc. --- .../org/apache/sling/testing/mock/osgi/OsgiMetadataUtil.java | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/core/src/main/java/org/apache/sling/testing/mock/osgi/OsgiMetadataUtil.java b/core/src/main/java/org/apache/sling/testing/mock/osgi/OsgiMetadataUtil.java index 4d150af..3a2570e 100644 --- a/core/src/main/java/org/apache/sling/testing/mock/osgi/OsgiMetadataUtil.java +++ b/core/src/main/java/org/apache/sling/testing/mock/osgi/OsgiMetadataUtil.java @@ -76,11 +76,6 @@ final class OsgiMetadataUtil { static { DOCUMENT_BUILDER_FACTORY = DocumentBuilderFactory.newInstance(); - try { - DOCUMENT_BUILDER_FACTORY.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - } catch (ParserConfigurationException ex) { - throw new IllegalStateException("Error setting FEATURE_SECURE_PROCESSING.", ex); - } DOCUMENT_BUILDER_FACTORY.setNamespaceAware(true); } @@ -225,7 +220,9 @@ final class OsgiMetadataUtil { private static Document toXmlDocument(InputStream inputStream, String path) { try { - DocumentBuilder documentBuilder = DOCUMENT_BUILDER_FACTORY.newDocumentBuilder(); + DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); + documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); return documentBuilder.parse(inputStream); } catch (ParserConfigurationException ex) { throw new RuntimeException("Unable to read classpath resource: " + path, ex);
