Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 336781

Summary: If xml parser is not validating, turn of external dtd resolution
Product: [RT] Jetty Reporter: Jan Bartel <janb>
Component: serverAssignee: Jan Bartel <janb>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: jetty-inbox
Version: 7.2.2   
Target Milestone: 7.3.x   
Hardware: All   
OS: All   
Whiteboard:

Description Jan Bartel CLA 2011-02-10 01:44:40 EST 
As a precaution, use http://apache.org/xml/features/nonvalidating/load-external-dtd with the xml parser to ensure that even if not validating, we don't try and load the xsds and dtds from an external source.
Comment 1 Jan Bartel CLA 2011-02-10 02:50:12 EST 
Fixed in rev  2770.