Merge pull request #704 from goldmansachs/xml-security

Disable access to external entities in XML parsing

dmn-core/src/main/java/com/gs/dmn/serialization/jackson/NSElementSerializer.java

@@ -28,6 +28,7 @@ public void serialize(NSElement element, JsonGenerator gen, SerializerProvider s
     private static String toXml(Element element) {
         try {
             TransformerFactory factory = TransformerFactory.newInstance();
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
             factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
             StringWriter writer = new StringWriter();