%!s(int64=4) %!d(string=hai) anos · e13f0a220d
--- a/src/main/java/org/codelibs/fess/ds/DataStoreFactory.java
+++ b/src/main/java/org/codelibs/fess/ds/DataStoreFactory.java
@@ -89,6 +89,8 @@ public class DataStoreFactory {
 
															                 try (InputStream is = Files.newInputStream(xmlPath)) {
														
 
															                     final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
														
 
															                     factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_SECURE_PROCESSING, true);
														
 
															+                    factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
														
 
															+                    factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
														
 
															                     factory.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
														
 
															                     final DocumentBuilder builder = factory.newDocumentBuilder();
														
--- a/src/main/java/org/codelibs/fess/helper/PluginHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/PluginHelper.java
@@ -125,6 +125,8 @@ public class PluginHelper {
 
															             try (final InputStream is = new ByteArrayInputStream(pluginMetaContent.getBytes(Constants.UTF_8_CHARSET))) {
														
 
															                 final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
														
 
															                 factory.setFeature(Constants.FEATURE_SECURE_PROCESSING, true);
														
 
															+                factory.setFeature(Constants.FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
														
 
															+                factory.setFeature(Constants.FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
														
 
															                 factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, StringUtil.EMPTY);
														
 
															                 factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, StringUtil.EMPTY);
														
 
															                 final DocumentBuilder builder = factory.newDocumentBuilder();
														
--- a/src/main/java/org/codelibs/fess/util/GsaConfigParser.java
+++ b/src/main/java/org/codelibs/fess/util/GsaConfigParser.java
@@ -92,6 +92,8 @@ public class GsaConfigParser extends DefaultHandler {
 
															         try {
														
 
															             final SAXParserFactory factory = SAXParserFactory.newInstance();
														
 
															             factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_SECURE_PROCESSING, true);
														
 
															+            factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
														
 
															+            factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
														
 
															             final SAXParser parser = factory.newSAXParser();
														
 
															             parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, StringUtil.EMPTY);
														
 
															             parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, StringUtil.EMPTY);