bhaveshamre opened a new pull request, #842: URL: https://github.com/apache/ranger/pull/842
## What changes were proposed in this pull request? This patch fixes a Ranger plugin installation failure caused by applying unsupported SAX parser features to TransformerFactory in XmlConfigChanger. The existing implementation attempted to enforce XML security using setFeature(), which is not supported by TransformerFactory and resulted in TransformerConfigurationException during plugin setup. The fix replaces the incompatible setFeature() calls with the supported JAXP mechanism using setAttribute() (ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_STYLESHEET) to restrict external entity access during XML transformation. This maintains the intended XXE protection while ensuring compatibility across JDK versions and TransformerFactory implementations. ## How was this patch tested? Confirmed no TransformerConfigurationException is thrown during plugin setup. Confirmed plugin properties are added while preserving existing configuration. Verified successful using: mvn clean compile package install. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
