users@jersey.java.net

Re: [Jersey] Re: SAX Feature error in Jersey 1.1.4.1

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Mon, 01 Mar 2010 13:07:05 +0100

On Feb 20, 2010, at 12:01 AM, Mike Baranczak wrote:

>
> I just ran into this same problem myself. Just to clarify, for
> whoever comes
> along and reads this - the following parameter needs to be added to
> the
> ServletContainer servlet, NOT to the web context.
>
>
>
>>
>> <param-name>com.sun.jersey.config.feature.DisableXmlSecurity</param-
>> name>
>> <param-value>true</param-value>
>>
>
> Also, this thread's title refers to Jersey 1.1.4.1 - I can confirm
> that the
> bug still exists in 1.1.5.

Note that this is not a bug in Jersey. It is deliberate behavior that
forces one to resolve security vulnerabilities or take responsibility
for deployment with such vulnerabilities present.

Paul.

> --
> View this message in context: http://n2.nabble.com/SAX-Feature-error-in-Jersey-1-1-4-1-tp4581700p4600567.html
> Sent from the Jersey mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>