Diffstat (limited to 'config-application-package/src/main/java/com/yahoo/config/application/Xml.java')
-rw-r--r--config-application-package/src/main/java/com/yahoo/config/application/Xml.java1
1 files changed, 1 insertions, 0 deletions
diff --git a/config-application-package/src/main/java/com/yahoo/config/application/Xml.java b/config-application-package/src/main/java/com/yahoo/config/application/Xml.java
index e28c5eac0bb..1cdb54a743c 100644
--- a/config-application-package/src/main/java/com/yahoo/config/application/Xml.java
+++ b/config-application-package/src/main/java/com/yahoo/config/application/Xml.java
@@ -68,6 +68,7 @@ public class Xml {
static DocumentBuilder getPreprocessDocumentBuilder() throws ParserConfigurationException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setFeature("http://xml.org/sax/features/external-general-entities", false); // XXE prevention
factory.setNamespaceAware(true);
factory.setXIncludeAware(false);
factory.setValidating(false);
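Review bot: Disabling only `external-general-entities` on the added line leaves external parameter entities and external DTD loading untouched, so a DOCTYPE in a preprocessed file can still cause the parser to resolve an external resource. If the application-package XML never needs a DTD, `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` rejects the whole class of input. Otherwise add `factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);` and `factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);` beside it. The trailing `// XXE prevention` comment would then read better as a single comment above the group saying what each feature blocks. The rest of getPreprocessDocumentBuilder lies outside the hunk, so some of this may already be set further down.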