https://bz.apache.org/bugzilla/show_bug.cgi?id=64541
--- Comment #2 from Valentin <vdimit...@axway.com> --- We're setting the entityExpansionLimit in a jaxp.properties file under '/jre/conf/'. Our product relies on security and the code scanners of our clients require us to use the value 1, which with the current version 7.0.104 of Tomcat is impossible.Тhe minimum value, in order to resolve the errors in the log, for the property is 20, which in all cases can't be good (Billion laughs and possible denial of service is possible with a value of 10). We checked the property and it seems that the system property overrides the jaxp.properties file. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org