Disable the processing of external entities in SourceHttpMessageConverter by default [SPR-11078]

**[Rossen Stoyanchev](https://jira.spring.io/secure/ViewProfile.jspa?name=rstoya05-aop)** opened **[SPR-11078](https://jira.spring.io/browse/SPR-11078?redirect=false)** and commented

This is a follow-up fix related to the issue reported in #15432.

---

**Affects:** 3.2.4, 4.0 RC1

**Issue Links:**
- #15432 Fix potential security risk when using Spring OXM
- #16003 Jaxb2RootElementHttpMessageConverter is susceptible to XXE vulnerability



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Disable the processing of external entities in SourceHttpMessageConverter by default [SPR-11078] #15704

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Disable the processing of external entities in SourceHttpMessageConverter by default [SPR-11078] #15704

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions