schemafactory-xxe-schema
.xsd
files). It is our recommendation to secure this parser against XXE attacks by configuring FACTORY.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true). Alternatively, the following configurations also provide protection against XXE attacks.
$FACTORY.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "")`. For more information, see: Java XXE prevention