From 91430cf3b5e0706b0d1883b3458d719a08c8e381 Mon Sep 17 00:00:00 2001 From: Steve Waldman Date: Sat, 26 Jan 2019 23:28:41 -0800 Subject: [PATCH] More doc fixes, modify testing resources to make it easy to check entity expansion behavior. --- src/doc/extra.xml | 5 +++++ src/doc/index.html | 7 +++++-- src/test-properties/c3p0-config.xml | 8 ++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 src/doc/extra.xml diff --git a/src/doc/extra.xml b/src/doc/extra.xml new file mode 100644 index 00000000..1202931f --- /dev/null +++ b/src/doc/extra.xml @@ -0,0 +1,5 @@ + + 25 + true + + diff --git a/src/doc/index.html b/src/doc/index.html index 386c4188..9a41cf4d 100644 --- a/src/doc/index.html +++ b/src/doc/index.html @@ -2756,8 +2756,11 @@

Locating and Resolving Configur that is, in any location you specify under your classpath, including jar-file META-INF directories.

- Due to security concerns surrounding liberal parsing of XML references, as of c3p0-0.9.5.3, c3p0 by default no longer expands entity references in XML config files. - However, installations that understand the full transitive closure of all entity references in their XML config may override this conservative behavior by setting the following property + Due to security concerns surrounding liberal parsing of XML references, + as of c3p0-0.9.5.3, c3p0 by default no longer expands entity references in XML config files. + Entity references may be silently ignored! + However, in the very rare cases where configurations intentionally rely upon entity reference expansion, you can turn it back on. + Installations that understand the full transitive closure of all entity references in their XML config may enable entity reference expansion by setting the following property to true: