This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push: new 720b253 Enable the secure processing feature 720b253 is described below commit 720b2538d58833629497beecd1f2de04a7624ba4 Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Thu Nov 22 11:51:41 2018 +0000 Enable the secure processing feature --- .../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java index 8b59615..4adfde6 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java @@ -23,6 +23,7 @@ import java.io.InputStream; import java.util.Properties; import javax.annotation.Resource; import javax.sql.DataSource; +import javax.xml.XMLConstants; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; @@ -101,6 +102,7 @@ public class XMLContentLoader extends AbstractContentDealer implements ContentLo throws IOException, ParserConfigurationException, SAXException { SAXParserFactory factory = SAXParserFactory.newInstance(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); try (InputStream in = contentXML.getResource().getInputStream()) { SAXParser parser = factory.newSAXParser(); parser.parse(in, new ContentLoaderHandler(dataSource, ROOT_ELEMENT, true));