Merge pull request #24 from jenkinsci/SECURITY-2832

SECURITY-2832: Fix for XXE Vulnerability

src/main/java/com/compuware/jenkins/common/utils/CLIVersionUtils.java

@@ -189,6 +189,8 @@ private static String parseXml(InputStream versionfile) throws IOException
 		try
 		{
 		    DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+		    dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); 
+		    dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
 		    DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
 		    Document document = dBuilder.parse(versionfile);