Details
-
Component Upgrade
-
Resolution: Won't Do
-
Major
-
None
-
26.0.0.Beta1
-
None
Description
The current xerces implementation 2.12.0.SP03 is based on a fork of the original one. It does not accept XXE prevention parameters XXE Prevention Java
After xerces is not in use for the whole server but default dependency for major APIs, it can be reverted to the latest Apache standard version 2.12.1 which does support hardening parameters.