diff --git a/src/main/java/org/codelibs/fess/util/GsaConfigParser.java b/src/main/java/org/codelibs/fess/util/GsaConfigParser.java
index 293212ace..fb39ce5b9 100644
--- a/src/main/java/org/codelibs/fess/util/GsaConfigParser.java
+++ b/src/main/java/org/codelibs/fess/util/GsaConfigParser.java
@@ -26,6 +26,7 @@ import java.util.Map;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 
@@ -90,6 +91,7 @@ public class GsaConfigParser extends DefaultHandler {
     public void parse(final InputSource is) {
         try {
             final SAXParserFactory factory = SAXParserFactory.newInstance();
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             final SAXParser parser = factory.newSAXParser();
             parser.parse(is, this);
         } catch (final Exception e) {