From 1940ffb938dc4f3f5bc5f2a2fd8b35aabbbae3dd Mon Sep 17 00:00:00 2001
From: Haxatron
Date: Sat, 15 Jan 2022 22:10:35 -0800
Subject: [PATCH] Fix XML schema vulnerability
---
 src/edu/stanford/nlp/util/XMLUtils.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/edu/stanford/nlp/util/XMLUtils.java b/src/edu/stanford/nlp/util/XMLUtils.java
index 520990477b..137b85546b 100644
--- a/src/edu/stanford/nlp/util/XMLUtils.java
+++ b/src/edu/stanford/nlp/util/XMLUtils.java
@@ -302,6 +302,7 @@ public static DocumentBuilder getValidatingXmlParser(File schemaFile) {
 DocumentBuilderFactory dbf = safeDocumentBuilderFactory();
 SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 Schema schema = factory.newSchema(schemaFile);
 dbf.setSchema(schema);
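Review bot: The added `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)` leaves it to the JAXP implementation to turn secure processing into a block on external DTD and schema fetches while the schema file is compiled; the JDK's built-in SchemaFactory is documented to do so, but a different implementation on the classpath may apply only resource limits. Stating the restriction explicitly on the next lines removes that dependency: `factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");` and `factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");`. Those properties can raise `SAXNotRecognizedException` on parsers that predate JAXP 1.5, so the failure path should refuse to build the validating parser rather than continue with an unhardened factory. A one-line comment such as `// schema files can reference external DTDs/schemas; block resolution to prevent XXE` would also record why the call is there, since the commit title does not say. The body of getValidatingXmlParser continues outside the hunk, so how exceptions from these calls are handled is not visible here.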