From 983ec3815c89917eacbd2a2e775a656223142db7 Mon Sep 17 00:00:00 2001
From: Chris Hennes
Date: Mon, 21 Jul 2025 21:20:53 -0500
Subject: [PATCH] Base: Disable default entity resolution Fixes CWE-611, guards agains XML external entity attacks.
---
 src/Base/Parameter.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/Base/Parameter.cpp b/src/Base/Parameter.cpp
index 64fafe5610..110b8fc462 100644
--- src/Base/Parameter.cpp
+++ src/Base/Parameter.cpp
@@ -2094,6 +2094,7 @@ void ParameterManager::CheckDocument() const
 parser.setValidationScheme(XercesDOMParser::Val_Auto);
 parser.setDoNamespaces(true);
 parser.setDoSchema(true);
+ parser.setDisableDefaultEntityResolution(true);
 DOMTreeErrorReporter errHandler;
 parser.setErrorHandler(&errHandler);
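Review bot: The added `parser.setDisableDefaultEntityResolution(true);` hardens only the parser configured in this hunk of `ParameterManager::CheckDocument()`, and the diffstat shows a single insertion, so any other `XercesDOMParser` built elsewhere (for example wherever the parameter file is actually loaded, which is not visible here) would keep the default entity resolution and should get the same call. The flag also does not bound expansion of internally declared entities; if parameter files can come from untrusted sources, consider attaching a `SecurityManager` with an entity expansion limit via `parser.setSecurityManager(...)`. A short comment above the new line, such as `// CWE-611: never let Xerces fetch external entities/DTDs on its own`, would keep the setting from being removed later as apparently redundant. The function body starts and ends outside the hunk, so whether a custom entity resolver is installed further down cannot be confirmed from here.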