diff --git a/apps/xmlsec.c b/apps/xmlsec.c index 0969af3c6..e22637a16 100644 --- a/apps/xmlsec.c +++ b/apps/xmlsec.c @@ -1356,7 +1356,14 @@ xmlSecAppExecute(xmlSecAppCommand command, const char** utf8_argv, int argc) { /* enable XXE? */ if(xmlSecAppCmdLineParamIsSet(&xxeParam)) { - xmlSecSetExternalEntityLoader( NULL ); // reset to libxml2's default handler + /* new parser option XML_PARSE_NO_XXE available since 2.13.0 */ +#if LIBXML_VERSION < 21300 + xmlSecSetExternalEntityLoader(NULL); /* reset to libxml2's default handler */ +#else /* LIBXML_VERSION < 21300 */ + int options = xmlSecParserGetDefaultOptions(); + options &= (~(XML_PARSE_NO_XXE)); + xmlSecParserSetDefaultOptions(options); +#endif /* LIBXML_VERSION < 21300 */ } /* enable verbose mode? */ diff --git a/configure.ac b/configure.ac index f71c4aee3..24a0bc7cf 100644 --- a/configure.ac +++ b/configure.ac @@ -35,10 +35,12 @@ dnl dnl Check the environment dnl AC_PROG_CC +AC_EGREP_CPP(yes, foo) AC_PROG_INSTALL LT_INIT AC_PROG_EGREP + LT_INIT dnl @@ -249,13 +251,14 @@ else AC_MSG_RESULT("no") fi + dnl ========================================================================== dnl Check if pkg-config is enabled and installed dnl ========================================================================== PKGCONFIG_FOUND="no" AC_ARG_ENABLE([pkgconfig], [AS_HELP_STRING([--enable-pkgconfig],[enable pkgconfig for configuration (yes)])]) if test "z$enable_pkgconfig" != "zno" ; then - PKG_PROG_PKG_CONFIG + PKG_PROG_PKG_CONFIG() PKGCONFIG_FOUND="yes" else PKGCONFIG_FOUND="no" 
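Review bot: The new `#else` branch in xmlSecAppExecute has no comment saying how far `--xxe` opens the parser on libxml2 >= 2.13, and the two build variants get there by different means. On the new path only `XML_PARSE_NO_XXE` is cleared from the process-wide defaults, while `XML_PARSE_NONET` (part of the defaults set in src/parser.c in this commit) stays in force. I would state that above the mask, e.g. `/* --xxe: allow external entities and DTDs again; XML_PARSE_NONET stays set, so no network fetches */`. The body of xmlSecAppExecute continues outside the hunk.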
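Review bot: `AC_EGREP_CPP(yes, foo)` right after `AC_PROG_CC` looks like a leftover probe: it preprocesses the literal text `foo`, greps for `yes`, and has no action arguments, so its result is never used. If it is there only to force early expansion of a prerequisite macro, a `dnl` comment should say which one; otherwise the line can be dropped. The surrounding context also shows `LT_INIT` twice, which predates this commit but could be cleaned up while the block is being touched.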
@@ -322,40 +325,42 @@ LIBXML_LIB_PATH= LIBXML_CONFIG_PATH= LIBXML_FOUND="no" AC_ARG_WITH([libxml], [AS_HELP_STRING([--with-libxml@<:@=PFX@:>@],[libxml2 location])]) -AC_ARG_WITH([libxml-src], [AS_HELP_STRING([--with-libxml-src@<:@=PFX@:>@],[libxml2 source tree location])]) - dnl Priority 0: LibXML2 is disabled: hard error. if test "z$with_libxml" = "zno" -o "z$with_libxml_src" = "zno"; then LIBXML_FOUND="disabled" fi -dnl Priority 1: User specifies the path to source code -if test "z$LIBXML_FOUND" = "zno" -a "z$with_libxml_src" != "z" -a "z$with_libxml_src" != "zyes" ; then - AC_MSG_CHECKING(for libxml2 library source tree in "$with_libxml_src" folder) - if test [ -f "$with_libxml_src/include/$LIBXML_INCLUDE_MARKER" ] -a [ -f "$with_libxml_src/.libs/$LIBXML_SHARED_LIB_MARKER" -o -f "$with_libxml_src/.libs/$LIBXML_STATIC_LIB_MARKER"] ; then - LIBXML_INCLUDE_PATH="$with_libxml_src/include" - LIBXML_LIB_PATH="$with_libxml_src/.libs" - LIBXML_FOUND="yes" - AC_MSG_RESULT([yes]) - else - AC_MSG_ERROR([not found: "$with_libxml_src/include/$LIBXML_INCLUDE_MARKER" or "$with_libxml_src/.libs/$LIBXML_SHARED_LIB_MARKER" or "$with_libxml_src/.libs/$LIBXML_STATIC_LIB_MARKER" files don't exist), typo?]) - fi -fi - -dnl Priority 2: User specifies path to installation +dnl Priority 1: User specifies path to installation (--with-libxml) if test "z$LIBXML_FOUND" = "zno" -a "z$with_libxml" != "z" -a "z$with_libxml" != "zyes" ; then AC_MSG_CHECKING(for libxml2 library installation in "$with_libxml" folder) if test "z$ENABLE_CUSTOM_CONFIGS" = "zyes" -a -f "$with_libxml/bin/$LIBXML_CONFIG" ; then LIBXML_CONFIG_PATH="$with_libxml/bin/$LIBXML_CONFIG" LIBXML_FOUND="yes" - AC_MSG_RESULT([yes]) + AC_MSG_RESULT([yes ("$with_libxml/bin/$LIBXML_CONFIG")]) elif test [ -f "$with_libxml/include/libxml2/$LIBXML_INCLUDE_MARKER" ] -a [ -f "$with_libxml/lib/$LIBXML_SHARED_LIB_MARKER" -o -f "$with_libxml/lib/$LIBXML_STATIC_LIB_MARKER" ] ; then LIBXML_INCLUDE_PATH="$with_libxml/include/libxml2" 
LIBXML_LIB_PATH="$with_libxml/lib" LIBXML_FOUND="yes" - AC_MSG_RESULT([yes]) + AC_MSG_RESULT([yes ("$with_libxml")]) else - AC_MSG_ERROR([not found: "$with_libxml/bin/$LIBXML_CONFIG" tool, or "$with_libxml/include/libxml2/$LIBXML_INCLUDE_MARKER" and/or "$with_libxml/lib/$LIBXML_SHARED_LIB_MARKER" or "$with_libxml/lib/$LIBXML_STATIC_LIB_MARKER" files don't exist), typo?]) + AC_MSG_ERROR([not found: "$with_libxml/bin/$LIBXML_CONFIG" tool, or "$with_libxml/include/libxml2/$LIBXML_INCLUDE_MARKER" and/or "$with_libxml/lib/$LIBXML_SHARED_LIB_MARKER" or "$with_libxml/lib/$LIBXML_STATIC_LIB_MARKER"]) + fi +fi + +dnl Priority 2: User specifies path to installation (--with-libxml2) +if test "z$LIBXML_FOUND" = "zno" -a "z$with_libxml2" != "z" -a "z$with_libxml2" != "zyes" ; then + AC_MSG_CHECKING(for libxml2 library installation in "$with_libxml2" folder) + if test "z$ENABLE_CUSTOM_CONFIGS" = "zyes" -a -f "$with_libxml2/bin/$LIBXML_CONFIG" ; then + LIBXML_CONFIG_PATH="$with_libxml2/bin/$LIBXML_CONFIG" + LIBXML_FOUND="yes" + AC_MSG_RESULT([yes ("$with_libxml2/bin/$LIBXML_CONFIG")]) + elif test [ -f "$with_libxml2/include/libxml2/$LIBXML_INCLUDE_MARKER" ] -a [ -f "$with_libxml2/lib/$LIBXML_SHARED_LIB_MARKER" -o -f "$with_libxml2/lib/$LIBXML_STATIC_LIB_MARKER" ] ; then + LIBXML_INCLUDE_PATH="$with_libxml2/include/libxml2" + LIBXML_LIB_PATH="$with_libxml2/lib" + LIBXML_FOUND="yes" + AC_MSG_RESULT([yes ("$with_libxml2")]) + else + AC_MSG_ERROR([not found: "$with_libxml2/bin/$LIBXML_CONFIG" tool, or "$with_libxml2/include/libxml2/$LIBXML_INCLUDE_MARKER" and/or "$with_libxml2/lib/$LIBXML_SHARED_LIB_MARKER" or "$with_libxml2/lib/$LIBXML_STATIC_LIB_MARKER"]) fi fi 
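Review bot: The new "Priority 2" block reads `$with_libxml2`, but this hunk adds no `AC_ARG_WITH([libxml2], ...)`, so unless it is declared outside the hunk the option is missing from `--help` and configure will report it as unrecognized. The "Priority 0" test still checks `$with_libxml_src` although `--with-libxml-src` is removed here, and it does not check `$with_libxml2`, so `--with-libxml2=no` falls into the prefix probe and ends in the "not found" error instead of being treated as disabled. I would declare the option next to `--with-libxml` and change the test to `if test "z$with_libxml" = "zno" -o "z$with_libxml2" = "zno"; then`. The two prefix blocks are otherwise identical, so assigning `with_libxml="$with_libxml2"` when only the latter is set would avoid the duplication.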
@@ -499,56 +504,42 @@ LIBXSLT_LIB_PATH= LIBXSLT_CONFIG_PATH= LIBXSLT_FOUND="no" AC_ARG_WITH([libxslt], [AS_HELP_STRING([--with-libxslt@<:@=PFX@:>@],[libxslt location])]) -AC_ARG_WITH([libxslt-src], [AS_HELP_STRING([--with-libxslt-src@<:@=PFX@:>@],[libxslt source tree location])]) dnl Priority 0: Check if library is not needed if test "z$with_libxslt" = "zno" -o "z$with_libxslt_src" = "zno" ; then LIBXSLT_FOUND="disabled" fi -dnl Priority 1: User specifies the path to source code -if test "z$LIBXSLT_FOUND" = "zno" -a "z$with_libxslt_src" != "z" -a "z$with_libxslt_src" != "zyes" ; then - AC_MSG_CHECKING(for libxslt library source tree in "$with_libxslt_src" folder) - if test [ -f "$with_libxslt_src/$LIBXSLT_INCLUDE_MARKER" ] -a [ -f "$with_libxslt_src/libxslt/.libs/$LIBXSLT_SHARED_LIB_MARKER" -o -f "$with_libxslt_src/libxslt/.libs/$LIBXSLT_STATIC_LIB_MARKER" ] ; then - LIBXSLT_INCLUDE_PATH="$with_libxslt_src" - LIBXSLT_LIB_PATH="$with_libxslt_src/libxslt/.libs" - LIBXSLT_FOUND="yes" - AC_MSG_RESULT([yes]) - else - AC_MSG_ERROR([not found: "$with_libxslt_src/$LIBXSLT_INCLUDE_MARKER" and/or "$with_libxslt_src/libxslt/.libs/$LIBXSLT_SHARED_LIB_MARKER" or "$with_libxslt_src/libxslt/.libs/$LIBXSLT_STATIC_LIB_MARKER" files don't exist), typo?]) - fi -fi - -dnl Priority 2: User specifies path to installation +dnl Priority 1: User specifies path to installation if test "z$LIBXSLT_FOUND" = "zno" -a "z$with_libxslt" != "z" -a "z$with_libxslt" != "zyes" ; then AC_MSG_CHECKING(for libxslt library installation in "$with_libxslt" folder) if test "z$ENABLE_CUSTOM_CONFIGS" = "zyes" -a -f "$with_libxslt/bin/$LIBXSLT_CONFIG" ; then LIBXSLT_CONFIG_PATH="$with_libxslt/bin/$LIBXSLT_CONFIG" LIBXSLT_FOUND="yes" - AC_MSG_RESULT([yes]) + AC_MSG_RESULT([yes ($with_libxslt/bin/$LIBXSLT_CONFIG)]) elif test [ -f "$with_libxslt/include/$LIBXSLT_INCLUDE_MARKER" ] -a [ -f "$with_libxslt/lib/$LIBXSLT_SHARED_LIB_MARKER" -o -f "$with_libxslt/lib/$LIBXSLT_STATIC_LIB_MARKER" ] ; then 
LIBXSLT_INCLUDE_PATH="$with_libxslt/include" LIBXSLT_LIB_PATH="$with_libxslt/lib" LIBXSLT_FOUND="yes" - AC_MSG_RESULT([yes]) + AC_MSG_RESULT([ye ($with_libxslt)]) else - AC_MSG_ERROR([not found: "$with_libxslt/bin/$LIBXSLT_CONFIG" tool, or "$with_libxslt/include/$LIBXSLT_INCLUDE_MARKER" and/or "$with_libxslt/lib/$LIBXSLT_SHARED_LIB_MARKER" or "$with_libxslt/lib/$LIBXSLT_STATIC_LIB_MARKER" files don't exist), typo?]) + AC_MSG_ERROR([not found: "$with_libxslt/bin/$LIBXSLT_CONFIG" tool, or "$with_libxslt/include/$LIBXSLT_INCLUDE_MARKER" and/or "$with_libxslt/lib/$LIBXSLT_SHARED_LIB_MARKER" or "$with_libxslt/lib/$LIBXSLT_STATIC_LIB_MARKER"]) fi fi -dnl Priority 3: User sets both CFLAGS and LIBS flags +dnl Priority 2: User sets both CFLAGS and LIBS flags if test "z$LIBXSLT_FOUND" = "zno" -a "z$LIBXSLT_CFLAGS" != "z" -a "z$LIBXSLT_LIBS" != "z" ; then LIBXSLT_FOUND="yes" fi -dnl Priority 4: Guess with pkg_config +dnl Priority 3: Guess with pkg_config if test "z$LIBXSLT_FOUND" = "zno" -a "z$PKGCONFIG_FOUND" = "zyes" ; then PKG_CHECK_MODULES(LIBXSLT, libxslt >= $LIBXSLT_MIN_VERSION, [LIBXSLT_FOUND=yes], [LIBXSLT_FOUND=no]) fi -dnl Priority 5: Guess the config tool location +dnl Priority 4: Guess the config tool location if test "z$LIBXSLT_FOUND" = "zno" -a "z$ENABLE_CUSTOM_CONFIGS" = "zyes" ; then AC_PATH_PROG(LIBXSLT_CONFIG_PATH, [$LIBXSLT_CONFIG], [], [$PATH]) if test "z$LIBXSLT_CONFIG_PATH" != "z" ; then @@ -556,7 +547,7 @@ if test "z$LIBXSLT_FOUND" = "zno" -a "z$ENABLE_CUSTOM_CONFIGS" = "zyes" ; then fi fi -dnl Priority 6: Guess using a list of folders. +dnl Priority 5: Guess using a list of folders. if test "z$LIBXSLT_FOUND" = "zno" -a "z$ENABLE_FOLDERS_SEARCH" = "zyes" ; then AC_MSG_CHECKING(for libxslt library installation in the typical folders) if test "z$LIBXSLT_INCLUDE_PATH" = "z" ; then 
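Review bot: The second success message in the `--with-libxslt` block reads `AC_MSG_RESULT([ye ($with_libxslt)])`; it should be `AC_MSG_RESULT([yes ($with_libxslt)])`. The "Priority 0" test still consults `$with_libxslt_src` although the `--with-libxslt-src` option is removed in this hunk, so that half of the condition can go: `if test "z$with_libxslt" = "zno" ; then`. The libxml2 messages in the previous hunk quote the path (`"$with_libxml"`) while these do not, which is worth making uniform.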
@@ -576,7 +567,7 @@ if test "z$LIBXSLT_FOUND" = "zno" -a "z$ENABLE_FOLDERS_SEARCH" = "zyes" ; then fi fi -dnl Priority 7: Just try to compile/link and hope for the best +dnl Priority 6: Just try to compile/link and hope for the best if test "z$LIBXSLT_FOUND" = "zno" ; then AC_MSG_CHECKING(for libxslt library installation) OLD_CPPFLAGS=$CPPFLAGS @@ -718,7 +709,7 @@ if test "z$OPENSSL_FOUND" = "zno" -a "z$with_openssl" != "z" -a "z$with_openssl" OPENSSL_FOUND="yes" AC_MSG_RESULT([yes]) else - AC_MSG_ERROR([not found: "$with_openssl/include/$OPENSSL_INCLUDE_MARKER" or "$with_openssl/lib(64)/$OPENSSL_LIB_SHARED_MARKER" or "$with_openssl/lib(64)/$OPENSSL_LIB_STATIC_MARKER" files don't exist), typo?]) + AC_MSG_ERROR([not found: "$with_openssl/include/$OPENSSL_INCLUDE_MARKER" or "$with_openssl/lib(64)/$OPENSSL_LIB_SHARED_MARKER" or "$with_openssl/lib(64)/$OPENSSL_LIB_STATIC_MARKER"]) fi fi @@ -964,7 +955,7 @@ if test "z$NSPR_FOUND" = "zno" -a "z$with_nspr" != "z" -a "z$with_nspr" != "zyes NSPR_FOUND="yes" AC_MSG_RESULT([yes]) else - AC_MSG_ERROR([not found: "$with_nspr/include/$NSPR_INCLUDE_MARKER" and/or "$with_nspr/lib/$NSPR_LIB_MARKER" files don't exist), typo?]) + AC_MSG_ERROR([not found: "$with_nspr/include/$NSPR_INCLUDE_MARKER" and/or "$with_nspr/lib/$NSPR_LIB_MARKER"]) fi fi if test "z$NSS_FOUND" = "zno" -a "z$with_nss" != "z" -a "z$with_nss" != "zyes" ; then @@ -975,7 +966,7 @@ if test "z$NSS_FOUND" = "zno" -a "z$with_nss" != "z" -a "z$with_nss" != "zyes" ; NSS_FOUND="yes" AC_MSG_RESULT([yes]) else - AC_MSG_ERROR([not found: "$with_nss/include/$NSS_INCLUDE_MARKER" and/or "$with_nss/lib/$NSS_LIB_MARKER" files don't exist), typo?]) + AC_MSG_ERROR([not found: "$with_nss/include/$NSS_INCLUDE_MARKER" and/or "$with_nss/lib/$NSS_LIB_MARKER"]) fi fi 
@@ -1254,7 +1245,7 @@ if test "z$GNUTLS_FOUND" = "zno" -a "z$with_gnutls" != "z" -a "z$with_gnutls" != GNUTLS_FOUND="yes" AC_MSG_RESULT([yes]) else - AC_MSG_ERROR([not found: "$with_gnutls/bin/$GNUTLS_CONFIG" tool, or "$with_gnutls/include/$GNUTLS_INCLUDE_MARKER" and/or "$with_gnutls/lib/$GNUTLS_LIB_MARKER" files don't exist), typo?]) + AC_MSG_ERROR([not found: "$with_gnutls/bin/$GNUTLS_CONFIG" tool, or "$with_gnutls/include/$GNUTLS_INCLUDE_MARKER" and/or "$with_gnutls/lib/$GNUTLS_LIB_MARKER"]) fi fi @@ -1567,7 +1558,7 @@ if test "z$GCRYPT_FOUND" = "zno" -a "z$with_gcrypt" != "z" -a "z$with_gcrypt" != GCRYPT_FOUND="yes" AC_MSG_RESULT([yes]) else - AC_MSG_ERROR([not found: "$with_gcrypt/bin/$GCRYPT_CONFIG" tool, or "$with_gcrypt/include/$GCRYPT_INCLUDE_MARKER" and/or "$with_gcrypt/lib/$GCRYPT_LIB_MARKER" files don't exist), typo?]) + AC_MSG_ERROR([not found: "$with_gcrypt/bin/$GCRYPT_CONFIG" tool, or "$with_gcrypt/include/$GCRYPT_INCLUDE_MARKER" and/or "$with_gcrypt/lib/$GCRYPT_LIB_MARKER"]) fi fi @@ -2378,7 +2369,7 @@ if test "z$LIBLTDL_FOUND" = "zno" -a "z$with_libltdl" != "z" -a "z$with_libltdl" LIBLTDL_FOUND="yes" AC_MSG_RESULT([yes]) else - AC_MSG_ERROR([not found: "$with_libltdl/include/$LIBLTDL_INCLUDE_MARKER" file doesn't exist), typo?]) + AC_MSG_ERROR([not found: "$with_libltdl/include/$LIBLTDL_INCLUDE_MARKER"]) fi fi diff --git a/include/xmlsec/private.h b/include/xmlsec/private.h index d7bc24060..a23c0002a 100644 --- a/include/xmlsec/private.h +++ b/include/xmlsec/private.h @@ -654,13 +654,13 @@ struct _xmlSecCryptoDLFunctions { * * Macro used to signal to GCC unused function parameters */ -#ifdef __GNUC__ #ifndef ATTRIBUTE_UNUSED +#ifdef __GNUC__ +#define ATTRIBUTE_UNUSED __attribute__((unused)) +#else /* __GNUC__ */ #define ATTRIBUTE_UNUSED -#endif -#else -#define ATTRIBUTE_UNUSED -#endif +#endif /* __GNUC__ */ +#endif /* ATTRIBUTE_UNUSED */ /** * UNREFERENCED_PARAMETER: 
diff --git a/include/xmlsec/xmlsec.h b/include/xmlsec/xmlsec.h index 9cce53318..14b7cd730 100644 --- a/include/xmlsec/xmlsec.h +++ b/include/xmlsec/xmlsec.h @@ -22,6 +22,26 @@ extern "C" { #endif /* __cplusplus */ +/** + * XMLSEC_DEPRECATED: + * + * Marks function as deprecated. + */ +#if !defined(IN_XMLSEC) && !defined(IN_XMLSEC_CRYPTO) +#if defined(__GNUC__) +#define XMLSEC_DEPRECATED __attribute__((deprecated)) +#elif defined(__clang__) +#define XMLSEC_DEPRECATED __attribute__((deprecated)) +#elif defined(_MSC_VER) +#define XMLSEC_DEPRECATED __declspec(deprecated) +#else /* defined(_MSC_VER) */ +#warning "WARNING: You need to implement XMLSEC_DEPRECATED for this compiler" +#define XMLSEC_DEPRECATED +#endif /* defined(_MSC_VER) */ +#else /* !defined(IN_XMLSEC) && !defined(IN_XMLSEC_CRYPTO) */ +#define XMLSEC_DEPRECATED +#endif /* !defined(IN_XMLSEC) && !defined(IN_XMLSEC_CRYPTO) */ + /*********************************************************************** * * Basic types to make ports to exotic platforms easier 
@@ -93,28 +113,11 @@ typedef struct _xmlSecEncCtx xmlSecEncCtx, *xmlSecEncCtxPtr; XMLSEC_EXPORT int xmlSecInit (void); XMLSEC_EXPORT int xmlSecShutdown (void); XMLSEC_EXPORT const xmlChar * xmlSecGetDefaultCrypto (void); + XMLSEC_EXPORT void xmlSecSetExternalEntityLoader (xmlExternalEntityLoader entityLoader); XMLSEC_EXPORT xmlSecSize xmlSecStrlen (const xmlChar * str); -/** - * XMLSEC_DEPRECATED: - * - * Marks function as deprecated. - */ -#if !defined(IN_XMLSEC) && !defined(IN_XMLSEC_CRYPTO) -#if defined(__GNUC__) -#define XMLSEC_DEPRECATED __attribute__((deprecated)) -#elif defined(__clang__) -#define XMLSEC_DEPRECATED __attribute__((deprecated)) -#elif defined(_MSC_VER) -#define XMLSEC_DEPRECATED __declspec(deprecated) -#else /* defined(_MSC_VER) */ -#warning "WARNING: You need to implement XMLSEC_DEPRECATED for this compiler" -#define XMLSEC_DEPRECATED -#endif /* defined(_MSC_VER) */ -#else /* !defined(IN_XMLSEC) && !defined(IN_XMLSEC_CRYPTO) */ -#define XMLSEC_DEPRECATED -#endif /* !defined(IN_XMLSEC) && !defined(IN_XMLSEC_CRYPTO) */ + /*********************************************************************** * diff --git a/src/gcrypt/signatures.c b/src/gcrypt/signatures.c index 3cfe52930..d09aeb668 100644 --- a/src/gcrypt/signatures.c +++ b/src/gcrypt/signatures.c @@ -22,6 +22,7 @@ #include #include #include +#include #include diff --git a/src/gcrypt/symkeys.c b/src/gcrypt/symkeys.c index cb2c1e69a..49083a42a 100644 --- a/src/gcrypt/symkeys.c +++ b/src/gcrypt/symkeys.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include "../keysdata_helpers.h" diff --git a/src/gnutls/asymkeys.c b/src/gnutls/asymkeys.c index 511f03066..d23a53fe3 100644 --- a/src/gnutls/asymkeys.c +++ b/src/gnutls/asymkeys.c @@ -27,6 +27,7 @@ #include #include #include +#include #include diff --git a/src/gnutls/keysstore.c b/src/gnutls/keysstore.c index 4472cfe7b..4c391683a 100644 --- a/src/gnutls/keysstore.c +++ b/src/gnutls/keysstore.c 
@@ -25,6 +25,7 @@ #include #include #include +#include #include #include diff --git a/src/keysmngr.c b/src/keysmngr.c index 635669fbf..92a3cccad 100644 --- a/src/keysmngr.c +++ b/src/keysmngr.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include "cast_helpers.h" @@ -503,7 +504,7 @@ xmlSecSimpleKeysStoreLoad_ex(xmlSecKeyStorePtr store, const char *uri, xmlSecAssert2(adoptKeyFunc != NULL, -1); UNREFERENCED_PARAMETER(keysMngr); - doc = xmlReadFile(uri, NULL, XML_PARSE_PEDANTIC | XML_PARSE_NONET); + doc = xmlReadFile(uri, NULL, xmlSecParserGetDefaultOptions() | XML_PARSE_PEDANTIC); if(doc == NULL) { xmlSecXmlError2("xmlReadFile ", xmlSecKeyStoreGetName(store), "uri=%s", xmlSecErrorsSafeString(uri)); diff --git a/src/mscng/certkeys.c b/src/mscng/certkeys.c index dc3138a68..41393b405 100644 --- a/src/mscng/certkeys.c +++ b/src/mscng/certkeys.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include diff --git a/src/mscng/symkeys.c b/src/mscng/symkeys.c index 347281672..0c9e79e3b 100644 --- a/src/mscng/symkeys.c +++ b/src/mscng/symkeys.c @@ -23,6 +23,7 @@ #include #include #include +#include #include diff --git a/src/mscng/x509vfy.c b/src/mscng/x509vfy.c index 4593fa45e..c6497c98d 100644 --- a/src/mscng/x509vfy.c +++ b/src/mscng/x509vfy.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include diff --git a/src/mscrypto/certkeys.c b/src/mscrypto/certkeys.c index 2a20b8bdd..8f94f70ed 100644 --- a/src/mscrypto/certkeys.c +++ b/src/mscrypto/certkeys.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include diff --git a/src/mscrypto/symkeys.c b/src/mscrypto/symkeys.c index e4fb190cc..121f78767 100644 --- a/src/mscrypto/symkeys.c +++ b/src/mscrypto/symkeys.c @@ -24,6 +24,7 @@ #include #include #include +#include #include diff --git a/src/mscrypto/x509vfy.c b/src/mscrypto/x509vfy.c index 00af88d2f..54366a50a 100644 --- a/src/mscrypto/x509vfy.c +++ b/src/mscrypto/x509vfy.c 
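Review bot: In xmlSecSimpleKeysStoreLoad_ex the keys file used to be parsed with a fixed `XML_PARSE_NONET`; it now inherits whatever the process-wide defaults hold, so an application that changes them through `xmlSecParserSetDefaultOptions()` (as the `--xxe` path in apps/xmlsec.c does) also changes how key material is loaded. The defaults defined in src/parser.c in this commit additionally bring `XML_PARSE_NOENT`, `XML_PARSE_DTDLOAD`, `XML_PARSE_DTDATTR` and `XML_PARSE_HUGE` to this call, the last of which relaxes the parser's hard-coded limits. I would keep the network guard explicit, `doc = xmlReadFile(uri, NULL, xmlSecParserGetDefaultOptions() | XML_PARSE_PEDANTIC | XML_PARSE_NONET);`, and add a comment on whether a keys file really needs entity substitution and the HUGE limits. The same applies to the `xmlReadMemory` call in xmlSecTmplTransformAddXsltStylesheet in src/templates.c. The function body starts and ends outside the hunk.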
@@ -31,6 +31,7 @@ #include #include #include +#include #include #include diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c index d233ec8b4..c7c16e331 100644 --- a/src/nss/keysstore.c +++ b/src/nss/keysstore.c @@ -38,6 +38,7 @@ #include #include #include +#include #include #include diff --git a/src/nss/symkeys.c b/src/nss/symkeys.c index f94b72a2b..9e8b7aa92 100644 --- a/src/nss/symkeys.c +++ b/src/nss/symkeys.c @@ -23,6 +23,7 @@ #include #include #include +#include #include diff --git a/src/openssl/keysstore.c b/src/openssl/keysstore.c index ac4adf39f..e4d861f62 100644 --- a/src/openssl/keysstore.c +++ b/src/openssl/keysstore.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include diff --git a/src/parser.c b/src/parser.c index 4c6404dac..9485be107 100644 --- a/src/parser.c +++ b/src/parser.c 
@@ -567,20 +567,39 @@ void xmlSecParsePrepareCtxt(xmlParserCtxtPtr ctxt) { xmlSecAssert(ctxt != NULL); +#if LIBXML_VERSION < 21300 /* required for c14n! */ ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS; ctxt->replaceEntities = 1; +#else /* LIBXML_VERSION < 21300 */ + xmlCtxtSetOptions(ctxt, xmlSecParserGetDefaultOptions()); +#endif /* LIBXML_VERSION < 21300 */ xmlCtxtUseOptions(ctxt, xmlSecParserGetDefaultOptions()); } + /* - * XML_PARSE_NONET to support c14n - * XML_PARSE_NODICT to avoid problems with moving nodes around - * XML_PARSE_HUGE to enable parsing of XML documents with large text nodes + * To block network access and loading of external entities: + * - XML_PARSE_NO_XXE: disable loading of external content (available >= 2.13.0), + * it disables XML_PARSE_DTDLOAD | XML_PARSE_DTDATTR ut we keep those in defaults + * to make it work if XML_PARSE_NO_XXE is disabled (e.g. with --xxe option) + * - XML_PARSE_NONET: forbid network access + * + * To support c14n: + * - XML_PARSE_NOENT: substitute entities + * - XML_PARSE_DTDLOAD: load the external subset (disabled with XML_PARSE_NO_XXE) + * - XML_PARSE_DTDATTR: default DTD attributes (disabled with XML_PARSE_NO_XXE) + * + * Misc: + * XML_PARSE_NODICT: do not reuse the context dictionary (to avoid problems with moving nodes around) + * XML_PARSE_HUGE: relax any hardcoded limit from the parser (to enable parsing of XML documents with large text nodes) */ -static int g_xmlsec_parser_default_options = XML_PARSE_NONET | XML_PARSE_NODICT | XML_PARSE_HUGE; - +#if LIBXML_VERSION < 21300 +static int g_xmlsec_parser_default_options = XML_PARSE_NONET | XML_PARSE_NOENT | XML_PARSE_DTDLOAD | XML_PARSE_DTDATTR | XML_PARSE_NODICT | XML_PARSE_HUGE; +#else /* LIBXML_VERSION < 21300 */ +static int g_xmlsec_parser_default_options = XML_PARSE_NO_XXE | XML_PARSE_NONET | XML_PARSE_NOENT | XML_PARSE_DTDLOAD | XML_PARSE_DTDATTR | XML_PARSE_NODICT | XML_PARSE_HUGE; +#endif /* LIBXML_VERSION < 21300 */ /** * 
xmlSecParserGetDefaultOptions: * diff --git a/src/templates.c b/src/templates.c index 4fcbf774f..32efdeba0 100644 --- a/src/templates.c +++ b/src/templates.c @@ -26,6 +26,7 @@ #include #include #include +#include #include @@ -1569,7 +1570,7 @@ xmlSecTmplTransformAddXsltStylesheet(xmlNodePtr transformNode, const xmlChar *xs xmlSecAssert2(transformNode != NULL, -1); xmlSecAssert2(xslt != NULL, -1); - xsltDoc = xmlReadMemory((const char*)xslt, xmlStrlen(xslt), NULL, NULL, XML_PARSE_PEDANTIC | XML_PARSE_NONET); + xsltDoc = xmlReadMemory((const char*)xslt, xmlStrlen(xslt), NULL, NULL, xmlSecParserGetDefaultOptions() | XML_PARSE_PEDANTIC); if(xsltDoc == NULL) { xmlSecXmlError("xmlReadMemory", NULL); return(-1); diff --git a/src/xmlsec.c b/src/xmlsec.c index 4fdc78fea..8187ff8ba 100644 --- a/src/xmlsec.c +++ b/src/xmlsec.c @@ -29,26 +29,20 @@ #include #include #include +#include #include #include "cast_helpers.h" -/* - * Custom external entity handler, denies all files except the initial - * document we're parsing (input_id == 1) - */ + /* default external entity loader, pointer saved during xmlInit */ -static xmlExternalEntityLoader -xmlSecDefaultExternalEntityLoader = NULL; +static xmlExternalEntityLoader xmlSecDefaultExternalEntityLoader = NULL; +/* new parser option XML_PARSE_NO_XXE available since 2.13.0 */ +#if LIBXML_VERSION < 21300 /* - * xmlSecNoXxeExternalEntityLoader: - * @URL: the URL for the entity to load - * @ID: public ID for the entity to load - * @ctxt: XML parser context, or NULL - * - * See libxml2's xmlLoadExternalEntity and xmlNoNetExternalEntityLoader. - * This function prevents any external (file or network) entities from being loaded. + * Custom external entity handler, denies all files except the initial + * document we're parsing (input_id == 1) */ static xmlParserInputPtr xmlSecNoXxeExternalEntityLoader(const char *URL, const char *ID, 
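Review bot: In xmlSecParsePrepareCtxt the unconditional `xmlCtxtUseOptions()` call is left after the `#endif`, so on libxml2 >= 2.13 the same defaults are applied twice, and the return value of the new `xmlCtxtSetOptions()` call is dropped. That return value is how libxml2 reports flags it did not accept, which matters now that `XML_PARSE_NO_XXE` in these defaults is what blocks external entity loading on this build variant. I would move `xmlCtxtUseOptions()` into the `< 21300` branch and report a non-zero result from `xmlCtxtSetOptions()`; since the function returns void, logging is all it can do without an interface change. The comment above the defaults also has a typo, "ut we keep" for "but we keep".

```c
#if LIBXML_VERSION < 21300
    /* … unchanged: loadsubset / replaceEntities settings required for c14n … */
    xmlCtxtUseOptions(ctxt, xmlSecParserGetDefaultOptions());
#else  /* LIBXML_VERSION < 21300 */
    /* a non-zero result is the set of flags the library did not accept */
    if(xmlCtxtSetOptions(ctxt, xmlSecParserGetDefaultOptions()) != 0) {
        xmlSecXmlError("xmlCtxtSetOptions", NULL);
    }
#endif /* LIBXML_VERSION < 21300 */
```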
@@ -64,6 +58,8 @@ xmlSecNoXxeExternalEntityLoader(const char *URL, const char *ID, return(NULL); } +#endif /* LIBXML_VERSION < 21300 */ + /** * xmlSecSetExternalEntityLoader: * @entityLoader: the new entity resolver function, or NULL to restore libxml2's default handler @@ -113,8 +109,11 @@ xmlSecInit(void) { if (!xmlSecDefaultExternalEntityLoader) { xmlSecDefaultExternalEntityLoader = xmlGetExternalEntityLoader(); } - xmlSetExternalEntityLoader(xmlSecNoXxeExternalEntityLoader); + /* new parser option XML_PARSE_NO_XXE available since 2.13.0 and is set as default options for parsers */ +#if LIBXML_VERSION < 21300 + xmlSetExternalEntityLoader(xmlSecNoXxeExternalEntityLoader); +#endif /* LIBXML_VERSION < 21300 */ /* we use rand() function to generate id attributes */ srand((unsigned int)time(NULL)); diff --git a/src/xpath.c b/src/xpath.c index 9d8291c74..1f3821be6 100644 --- a/src/xpath.c +++ b/src/xpath.c @@ -111,9 +111,9 @@ xmlSecXPathDataCreate(xmlSecXPathDataType type) { } break; case xmlSecXPathDataTypeXPointer: - data->ctx = xmlXPtrNewContext(NULL, NULL, NULL); /* we'll set doc in the context later */ + data->ctx = xmlXPathNewContext(NULL); /* we'll set doc in the context later */ if(data->ctx == NULL) { - xmlSecXmlError("xmlXPtrNewContext", NULL); + xmlSecXmlError("xmlXPathNewContext", NULL); xmlSecXPathDataDestroy(data); return(NULL); }
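Review bot: With the `#if` in xmlSecInit, a build against libxml2 >= 2.13 no longer installs `xmlSecNoXxeExternalEntityLoader`, so blocking external entities changes from a process-wide loader to a per-parse flag that only takes effect where `xmlSecParserGetDefaultOptions()` is passed. Any parse that supplies its own flags, inside xmlsec or in the application, is then outside the guard; this commit converts the calls in src/keysmngr.c and src/templates.c, and it is worth confirming that no others remain. The choice is also made from the headers at compile time, so I would add a runtime version check or at least document that a library built this way must run against libxml2 2.13 or later, since an older runtime would presumably ignore the flag. A comment here such as `/* >= 2.13: XXE is blocked by XML_PARSE_NO_XXE in the default parser options, not by a global loader */` would make the contract visible. xmlSecInit continues outside the hunk.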
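Review bot: The `xmlSecXPathDataTypeXPointer` case now builds a plain XPath context, and nothing in the hunk says why the XPointer-specific constructor is no longer needed. `xmlXPtrNewContext()` existed to prepare a context for XPointer evaluation, so if any of that setup is still required on the libxml2 versions xmlsec supports, XPointer transforms could evaluate differently; that cannot be decided from the hunk alone. A short comment would settle it, for example `/* xmlXPtrNewContext is deprecated in newer libxml2; a plain XPath context is sufficient for XPointer evaluation */`, provided that is in fact the reason. The enclosing switch in xmlSecXPathDataCreate starts and ends outside the hunk.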