changeset 20:ebbc2132d252 jdk6-b11

6755916: Changes for openjdk6 build 11 6542088: JAX-WS server allows XXE attacks Summary: Final b11 state (as defined by the source bundle) Reviewed-by: darcy
author ohair
date Fri, 30 Jan 2009 17:06:04 -0800
parents 819dd8941760
children 041d6eb25b82
files THIRD_PARTY_README src/share/classes/com/sun/xml/internal/ws/api/streaming/XMLStreamReaderFactory.java
diffstat 2 files changed, 1 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/THIRD_PARTY_README	Fri Jan 30 17:01:20 2009 -0800
+++ b/THIRD_PARTY_README	Fri Jan 30 17:06:04 2009 -0800
@@ -137,16 +137,6 @@
 The name and trademarks of copyright holders may NOT be used in advertising or publicity pertaining to the software without specific, written prior permission. Title to copyright in this software and any associated documentation will at all times remain with copyright holders.
 ____________________________________
 This formulation of W3C's notice and license became active on August 14 1998 so as to improve compatibility with GPL. This version ensures that W3C software licensing terms are no more restrictive than GPL and consequently W3C software may be distributed in GPL packages. See the older formulation for the policy prior to this date. Please see our Copyright FAQ for common questions about using materials from our site, including specific terms and conditions for packages like libwww, Amaya, and Jigsaw. Other questions about this notice can be directed to site-policy@w3.org.
-
-%% This notice is provided with respect to jscheme.jar, which may be included with this software: 
-Software License Agreement
-Copyright  1998-2002 by Peter Norvig. 
-Permission is granted to anyone to use this software, in source or object code form, on any computer system, and to modify, compile, decompile, run, and redistribute it to anyone else, subject to the following restrictions: 
-1.The author makes no warranty of any kind, either expressed or implied, about the suitability of this software for any purpose.
-2.The author accepts no liability of any kind for damages or other consequences of the use of this software, even if they arise from defects in the software.
-3.The origin of this software must not be misrepresented, either by explicit claim or by omission.
-4.Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Altered versions may be distributed in packages under other licenses (such as the GNU license). 
-If you find this software useful, it would be nice if you let me (peter@norvig.com) know about it, and nicer still if you send me modifications that you are willing to share. However, you are not required to do so.
 
 
 %% This notice is provided with respect to PC/SC Lite for Suse Linux v. 1.1.1, which may be included with this software: 
--- a/src/share/classes/com/sun/xml/internal/ws/api/streaming/XMLStreamReaderFactory.java	Fri Jan 30 17:01:20 2009 -0800
+++ b/src/share/classes/com/sun/xml/internal/ws/api/streaming/XMLStreamReaderFactory.java	Fri Jan 30 17:06:04 2009 -0800
@@ -60,6 +60,7 @@
     static {
         XMLInputFactory xif = XMLInputFactory.newInstance();
         xif.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, true);
+        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
 
         XMLStreamReaderFactory f=null;