Java XXE vulnerability
If I am already using
xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
then do I also need to use
xmlInputFactory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
to fix an XXE vulnerability?… Continue reading Java XXE vulnerability