Weakly Configured XML External Entity for Java JAXBContext

[Barani Bikshandi]

I was notified of a security issue recently in the below package. Is there a 
plan to fix this vulnerability in near future? 

Risk Name
Weakly Configured XML External Entity for Java JAXBContext

Vulnerability
An attacker can inject untrusted data into applications which may result in the 
disclosure of confidential data, denial of service, server side request 
forgeries or port scanning.

Code:
/hbase/hbase-server/src/main/java/org/apache/hadoop/hbase/rest/client/RemoteAdmin.java

Mitigation:
We require that XML processors need to be configured properly to prevent XXE 
(XML External Entity) attack when an application handles data from untrusted 
source.