AMQ-9771: Enable security features when building XML Schema in activemq-runtime-config. (#1498)

commit: 57b05b9e1bf40c61784dedbb1adf3e1b99faed93 [log] [tgz]
author: Sérgio Lemos <lemoss@amazon.com> Thu Sep 18 04:18:21 2025 -0700
committer: GitHub <noreply@github.com> Thu Sep 18 13:18:21 2025 +0200
tree: aa9410ce39d19085f45dbdf64634c267c53f301b
parent: 718ce02181d57cfec82de8c7c275501dbdd2cac4 [diff]
diff --git a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/RuntimeConfigurationBroker.java b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/RuntimeConfigurationBroker.java
index e0d3d80..b7342f4 100644
--- a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/RuntimeConfigurationBroker.java
+++ b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/RuntimeConfigurationBroker.java

@@ -228,8 +228,9 @@
 
     private Schema getSchema() throws SAXException, IOException {
         if (schema == null) {
-            SchemaFactory schemaFactory = SchemaFactory.newInstance(
-                    XMLConstants.W3C_XML_SCHEMA_NS_URI);
+            SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+            schemaFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+            schemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 
             ArrayList<StreamSource> schemas = new ArrayList<StreamSource>();
             schemas.add(new StreamSource(getClass().getResource("/activemq.xsd").toExternalForm()));
commit	57b05b9e1bf40c61784dedbb1adf3e1b99faed93	[log] [tgz]
author	Sérgio Lemos <lemoss@amazon.com>	Thu Sep 18 04:18:21 2025 -0700
committer	GitHub <noreply@github.com>	Thu Sep 18 13:18:21 2025 +0200
tree	aa9410ce39d19085f45dbdf64634c267c53f301b
parent	718ce02181d57cfec82de8c7c275501dbdd2cac4 [diff]