Hi,
A developer on the Jersey list pointed out that when using JAXB
unmarshalling with Jersey, applications are vulnerable to XXE attacks:
http://markmail.org/search/?q=list%3Anet.java.dev.jersey.users#query:list%3Anet.java.dev.jersey.users+page:1+mid:5zgkopanjeaobjv5+state:results
It is not currently clear what app server is being utilized, or if
Grizzly is being utilized.
When applications are deployed in GF, are there any defaults w.r.t.
JAXP configuration or limitations on what files may be accessed from
the application?
Paul.
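
An added example, not part of the original message and not Jersey or GlassFish code: one way to make JAXB unmarshalling independent of the container's JAXP defaults is to hand the Unmarshaller a SAX reader that has been hardened explicitly. It assumes the `javax.xml.bind` (JAXB 2.x) API on the classpath and a Xerces-derived parser such as the one bundled with the JDK; the `Note` class and both sample documents are constructed for illustration.

```java
import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import java.io.StringReader;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;

public class HardenedJaxbDemo {
    // Hypothetical payload type, constructed for this example.
    @XmlRootElement(name = "note")
    public static class Note { public String body; }

    static Note unmarshal(String xml) throws Exception {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setNamespaceAware(true); // JAXB expects a namespace-aware reader
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE, so no entity can be declared in the document.
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case DOCTYPEs are ever re-enabled.
        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        XMLReader reader = spf.newSAXParser().getXMLReader();

        // Passing a SAXSource makes JAXB parse with this reader instead of
        // whatever parser configuration the runtime would pick by default.
        Unmarshaller u = JAXBContext.newInstance(Note.class).createUnmarshaller();
        InputSource in = new InputSource(new StringReader(xml));
        return (Note) u.unmarshal(new SAXSource(reader, in));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: plain document, should unmarshal normally.
        System.out.println(unmarshal("<note><body>hello</body></note>").body);

        // Constructed sample: harmless internal entity, used only to show
        // that a document carrying a DOCTYPE is refused outright.
        String withDoctype = "<!DOCTYPE note [<!ENTITY x \"internal\">]>"
                + "<note><body>&x;</body></note>";
        try {
            unmarshal(withDoctype);
            System.out.println("accepted (parser was not hardened)");
        } catch (JAXBException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Running it against the deployed parser also answers the configuration question empirically: if the second document is accepted after removing the `setFeature` calls, the runtime's defaults allow DOCTYPE declarations.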