Upgrade to JAXP 1.5 Breaks Existing Apps
Ali Ebrahimi
ali.ebrahimi1781 at gmail.com
Mon Jun 3 14:39:14 UTC 2013
thanks.
On Mon, Jun 3, 2013 at 2:59 PM, Alan Bateman <Alan.Bateman at oracle.com>wrote:
> On 02/06/2013 22:05, Ali Ebrahimi wrote:
>
>> I update to jdk8b92 and almost all apps deals with xml parsing breaks.
>> in other word, current default value for XMLConstants.ACCESS_EXTERNAL_**
>> DTD
>> property is empty string. This should be at least change to "file".
>>
> Yes, the defaults are problematic and are due to be re-examined (but
> thanks anyway, it's just more evidence that the right thing is to opt-in to
> have more secure processing rather than requiring the rest of the world to
> opt-out).
>
> I don't know if you are on jdk8-dev but Joe Wang posted a note about this
> recently:
>
> http://mail.openjdk.java.net/**pipermail/jdk8-dev/2013-May/**002554.html<http://mail.openjdk.java.net/pipermail/jdk8-dev/2013-May/002554.html>
>
> -Alan.
>
More information about the core-libs-dev
mailing list