This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch 2_0_X in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/2_0_X by this push: new 5d02fc2 Enable the secure processing feature 5d02fc2 is described below commit 5d02fc26b9d8f3705a57d15fd4c1ee1f90bb96d4 Author: Francesco Chicchiriccò <ilgro...@apache.org> AuthorDate: Thu Nov 22 12:56:53 2018 +0100 Enable the secure processing feature --- .../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java index 63a6089..e6e4531 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java @@ -24,6 +24,7 @@ import java.util.Map; import java.util.Properties; import javax.annotation.Resource; import javax.sql.DataSource; +import javax.xml.XMLConstants; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; import org.apache.syncope.core.spring.ApplicationContextProvider; @@ -100,8 +101,8 @@ public class XMLContentLoader extends AbstractContentDealer implements ContentLo throws Exception { SAXParserFactory factory = SAXParserFactory.newInstance(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); try (InputStream in = contentXML.getResource().getInputStream()) { - SAXParser parser = factory.newSAXParser(); parser.parse(in, new ContentLoaderHandler(dataSource, ROOT_ELEMENT, true)); LOG.debug("[{}] Default content successfully loaded", domain);