Repair XXE vulnerability at initialization

zhutougg · Dec 20, 2018 · 2eb0ea9 · 2eb0ea9 · crazyguyonabike · Jan 9, 2019
1 parent 6796e1d
commit 2eb0ea9
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/java/com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java b/src/java/com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java
@@ -144,6 +144,7 @@ public static C3P0Config extractXmlConfigFromDefaultResource() throws Exception
     public static C3P0Config extractXmlConfigFromInputStream(InputStream is) throws Exception
     {
         DocumentBuilderFactory fact = DocumentBuilderFactory.newInstance();
+	fact.setExpandEntityReferences(false);
         DocumentBuilder db = fact.newDocumentBuilder();
         Document doc = db.parse( is );