Hi!

I just started an upgrade of our Tomcat, 7.0.47, to 7.0.52 and ran into a
problem. Tomcat did not want to start our webapp. Looking in the log
I see:

Mar 26, 2014 2:10:42 PM org.apache.catalina.startup.ContextConfig parseWebXml
SEVERE: Parse error in application web.xml file at jndi:/localhost/bios/WEB-INF/web.xml
java.io.FileNotFoundException: Could not resolve XML resource [null] with public ID [null], system ID [dpservices.xml] and base URI [jndi:/localhost/bios/WEB-INF/web.xml] to a known, local entity.

Not very helpful!

Looking in our web.xml I find that it starts with:
<?xml version="1.0"?>
<!DOCTYPE web-app [ <!ENTITY service SYSTEM "dpservices.xml">]>
...

Checking the directory, the dpservices.xml file is there.

After a bit of git cloning, git grep:ing and similar I find that:

"7.0.51:Change default value of |xmlBlockExternal| attribute of Context.
 It is |true| now"

There is no bug referenced so I am not sure why this change was made.
Is there some security problem with external entities that I should know of?
Is there a bug where I can read more? (I have not been able to find anything
specific to this from Google).

Setting xmlBlockExternal="false" in the context makes things start
up as they should again and I can continue with testing the new
version.

It would be nicer if the parse error also said something like "...external
entities are not allowed, check the xmlBlockExternal context property..."

/robo
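
A pre-upgrade check for the situation described in the message above, as an added example that is not part of the original post or of Tomcat: it lists the external entities each WEB-INF/web.xml declares, which are what a context with xmlBlockExternal set to true will not load. The function names and the sample document are assumptions made for illustration.

```python
import sys
import xml.parsers.expat
from pathlib import Path

# Constructed sample mirroring the DOCTYPE quoted in the post.
SAMPLE_WEB_XML = b"""<?xml version="1.0"?>
<!DOCTYPE web-app [ <!ENTITY service SYSTEM "dpservices.xml">]>
<web-app>&service;</web-app>
"""


def external_entities(xml_bytes):
    """Return (name, system_id, public_id, is_parameter) per external entity."""
    found = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id,
                       notation):
        # expat passes value=None for external entities; internal entities
        # carry their replacement text in `value` and are not reported.
        if value is None:
            found.append((name, system_id, public_id, bool(is_param)))

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    # No ExternalEntityRefHandler is installed, so expat only records the
    # declarations and never opens the referenced files or URLs.
    parser.Parse(xml_bytes, True)
    return found


def scan_webapps(root):
    """Map each WEB-INF/web.xml under `root` to its external entities."""
    report = {}
    for path in sorted(Path(root).rglob("WEB-INF/web.xml")):
        try:
            hits = external_entities(path.read_bytes())
        except xml.parsers.expat.ExpatError as exc:
            # A file that does not parse needs a manual look as well.
            hits = [("<unparseable: %s>" % exc, None, None, False)]
        if hits:
            report[str(path)] = hits
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, hits in scan_webapps(sys.argv[1]).items():
            for name, system_id, public_id, _ in hits:
                print(f"{path}: {name!r} system={system_id!r} public={public_id!r}")
    else:
        print(external_entities(SAMPLE_WEB_XML))
```

Run it with the webapps directory as its argument before the upgrade; every file it prints needs either the entity inlined or a deliberate decision about xmlBlockExternal for that context.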
