From 3a10e7e8c4210ddba556da7059ee0829e37f274d Mon Sep 17 00:00:00 2001
From: Igor Maznitsa <rrg4400@gmail.com>
Date: Sat, 24 Dec 2022 20:23:22 +0200
Subject: [PATCH] improved security during xml parse

---
 .../java/com/igormaznitsa/mindmap/swing/panel/utils/Utils.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mind-map/mind-map-swing-panel/src/main/java/com/igormaznitsa/mindmap/swing/panel/utils/Utils.java b/mind-map/mind-map-swing-panel/src/main/java/com/igormaznitsa/mindmap/swing/panel/utils/Utils.java
index 9c57ac42..e75cf741 100644
--- a/mind-map/mind-map-swing-panel/src/main/java/com/igormaznitsa/mindmap/swing/panel/utils/Utils.java
+++ b/mind-map/mind-map-swing-panel/src/main/java/com/igormaznitsa/mindmap/swing/panel/utils/Utils.java
@@ -212,7 +212,7 @@ public static Document loadXmlDocument(final InputStream inStream,
 
     try {
       factory.setFeature("http://apache.org/xml/features/validation/schema", false);
-      factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false);
+      factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
       factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
       factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
       factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);