From 338ab231b228bd36afda4ab31db724c6669579b2 Mon Sep 17 00:00:00 2001
From: Michael Simacek
Date: Tue, 22 May 2018 10:53:28 +0200
Subject: [PATCH 2/2] Disallow loading external DTD
---
 .../src/main/java/org/apache/xmlrpc/util/SAXParsers.java | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
index b1034e7..49ef5de 100644
--- a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
+++ b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
@@ -48,6 +48,13 @@ public class SAXParsers {
 } catch (org.xml.sax.SAXException e) {
 // Ignore it
 }
+ try {
+ spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ } catch (javax.xml.parsers.ParserConfigurationException e) {
+ // Ignore it
+ } catch (org.xml.sax.SAXException e) {
+ // Ignore it
+ }
 }
 
 /** Creates a new instance of {@link XMLReader}.
--
2.17.0
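Review bot: Both added catch blocks swallow a failed `setFeature`, so on a SAX implementation that does not recognise the Xerces-specific `load-external-dtd` URI the factory can still fetch external DTDs and nothing records that the hardening was skipped. Because this is a security setting, the handlers should at least log a warning that external DTD loading could not be disabled for the parser in use, instead of `// Ignore it`. XML-RPC payloads presumably never need a DOCTYPE, so it may also be worth trying `spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` in the same guarded style, which rejects the declaration outright rather than only skipping the external subset. The enclosing initialiser starts above the hunk, so which features are already set before this point cannot be confirmed from here.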