[ https://issues.apache.org/jira/browse/TIKA-2466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16166949#comment-16166949 ]
Nick Burch commented on TIKA-2466: ---------------------------------- If we're going to use {{DocumentBuilderFactory}}, then we need to make sure we're using a safe / locked down version, which the default isn't always. We have logic for building a "safe" one in {{org.apache.tika.parser.ParseContext}}. Not sure if we should call out to that, or move it to a utils method for both to use. Any thoughts [~talli...@mitre.org], as the person who added that code? Possibly ditto {{TransformerFactory}} > Remove JAXB usage > ----------------- > > Key: TIKA-2466 > URL: https://issues.apache.org/jira/browse/TIKA-2466 > Project: Tika > Issue Type: Improvement > Components: config > Affects Versions: 1.14, 1.15, 1.16 > Reporter: Robert Munteanu > Attachments: 0001-TIKA-2466-Remove-JAXB-usage.patch > > > Starting with Java 9 the {{javax.xml.bind}} classes are now part of the > {{java.se.ee}} module which is not enabled by default. To simplify the Java 9 > integration ( no --add-modules CLI switch, no explicity Java 9 module ) I > propose we simply replace JAXB with something else. > See > https://lists.apache.org/thread.html/72342314e709417bcb777fd3511b700dee443a3a658b730e52f99e38@%3Cuser.tika.apache.org%3E > for more context -- This message was sent by Atlassian JIRA (v6.4.14#64029)