Closed malathigv closed 2 years ago
Older XML parsers lack the setFeature
method. The setFeature
method is called to disable entity support in the parser in order to prevent XXE attacks. The solution is to use a more recent XML parser.
Thank you for yuor response. Is there any response for such queries instead of raising it as an issue? It would be more useful if we get such explanations and resolution for all the changes done to prevent the attacks.
Once i replace log4j1.x with reload4j, the application is unable to parse ang log4j.xml file giving the below exception. log4j:ERROR Failed to parse XML file. Missing DocumentBuilderFactory.setFeature() method?
java.lang.AbstractMethodError: javax.xml.parsers.DocumentBuilderFactory.setFeature(Ljava/lang/String;Z)V