Enable secure XML parsing

gaul · gaul · commit 11508b2c3afd · 2026-03-17T14:23:10.000-07:00
diff --git a/modernizer-maven-plugin/src/main/java/org/gaul/modernizer_maven_plugin/Modernizer.java b/modernizer-maven-plugin/src/main/java/org/gaul/modernizer_maven_plugin/Modernizer.java
@@ -24,6 +24,7 @@
 import java.util.Set;
 import java.util.regex.Pattern;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -86,6 +87,7 @@ public static Map<String, Violation> parseFromXml(InputStream is)
         Map<String, Violation> map =
                 new HashMap<String, Violation>();
         DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+        dbFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
         DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
         Document doc = dBuilder.parse(is);
         doc.getDocumentElement().normalize();
