Re: [Jersey] SAX Feature error in Jersey

From: Phil Griffin <>
Date: Tue, 16 Feb 2010 17:06:17 -0700

Hi Paul,
Thanks for the reply. It's a little hard to confirm what version the SAX
parser is...looks like it could be Xerces 2.8.1?
Is it likely the change in behavior occurred between Jersey 1.0.2 and If so, what version of Xerces would be compatible?


On 2/16/2010 2:15 PM, Paul Sandoz wrote:
> Hi Phil,
> What is the implementation and version of the SAX parser you are using?
> This warning is important because Jersey cannot configure the parsing
> to protect against certain XML-based denial of service attacks. So if
> you are building public-facing services that consume XML your
> application could be at risk.
> Currently the only way to disable this is to disable JDK logging.
> If you really need this disabled can you log a enhancement and we can
> had a feature to disable security-based configuration?
> Paul.
> On Feb 16, 2010, at 6:54 PM, Phil Griffin wrote:
>> I recently updated our Jersey jars to and began getting a
>> JAXP parser registry exception for a non-supported feature (in the
>> factory I'm required to use). Is there a way to disable the
>> com.sun.jersey.core.provider.jaxb.AbstractJAXBProvider or Jersey from
>> expecting this feature?
>> WebLogicSAXParser cannot be created.SAX feature
>> /@ &#39;'
>> <> not supported
>> Thanks,
>> Phil
>> /