Added a config option to turn xml doctype declarations on in AMF Xml payload. It is called: "allow-xml-doctype-declaration"
diff --git a/modules/common/pom.xml b/modules/common/pom.xml
index a518579..42e4d42 100755
--- a/modules/common/pom.xml
+++ b/modules/common/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
         <groupId>org.apache.flex.blazeds</groupId>
 		<artifactId>blazeds</artifactId>
-		<version>4.8.0-SNAPSHOT</version>
+		<version>4.7.2-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/modules/core/pom.xml b/modules/core/pom.xml
index 1309282..8d6c8fb 100755
--- a/modules/core/pom.xml
+++ b/modules/core/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
         <groupId>org.apache.flex.blazeds</groupId>
 		<artifactId>blazeds</artifactId>
-		<version>4.8.0-SNAPSHOT</version>
+		<version>4.7.2-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/modules/core/src/flex/messaging/endpoints/AbstractEndpoint.java b/modules/core/src/flex/messaging/endpoints/AbstractEndpoint.java
index ffa1d0f..c265ea9 100644
--- a/modules/core/src/flex/messaging/endpoints/AbstractEndpoint.java
+++ b/modules/core/src/flex/messaging/endpoints/AbstractEndpoint.java
@@ -109,6 +109,7 @@
     private static final String LEGACY_THROWABLE = "legacy-throwable";
     private static final String LEGACY_BIG_NUMBERS = "legacy-big-numbers";
     private static final String LEGACY_EXTERNALIZABLE = "legacy-externalizable";
+    private static final String ALLOW_XML_DOCTYPE_DECLARATION = "allow-xml-doctype-declaration";
     private static final String ALLOW_XML_EXTERNAL_ENTITY_EXPANSION = "allow-xml-external-entity-expansion";
 
     private static final String LOG_PROPERTY_ERRORS = "log-property-errors";
@@ -278,6 +279,7 @@
             serializationContext.legacyThrowable = serialization.getPropertyAsBoolean(LEGACY_THROWABLE, false);
             serializationContext.legacyBigNumbers = serialization.getPropertyAsBoolean(LEGACY_BIG_NUMBERS, false);
             serializationContext.legacyExternalizable = serialization.getPropertyAsBoolean(LEGACY_EXTERNALIZABLE, false);
+            serializationContext.allowXmlDoctypeDeclaration = serialization.getPropertyAsBoolean(ALLOW_XML_DOCTYPE_DECLARATION, false);
             serializationContext.allowXmlExternalEntityExpansion = serialization.getPropertyAsBoolean(ALLOW_XML_EXTERNAL_ENTITY_EXPANSION, false);
             serializationContext.maxObjectNestLevel = (int)serialization.getPropertyAsLong(MAX_OBJECT_NEST_LEVEL, 512);
             serializationContext.maxCollectionNestLevel = (int)serialization.getPropertyAsLong(MAX_COLLECTION_NEST_LEVEL, 15);
diff --git a/modules/core/src/flex/messaging/io/SerializationContext.java b/modules/core/src/flex/messaging/io/SerializationContext.java
index d4a9f41..9ffe17c 100644
--- a/modules/core/src/flex/messaging/io/SerializationContext.java
+++ b/modules/core/src/flex/messaging/io/SerializationContext.java
@@ -80,6 +80,7 @@
     // Similarly like how many dimensional matrix that we support for serialization.
     public int maxCollectionNestLevel = 15;
 
+    public boolean allowXmlDoctypeDeclaration = false;
     public boolean allowXmlExternalEntityExpansion = false;
 
     /**
@@ -227,6 +228,7 @@
             context.deserializationValidator = deserializationValidator;
             context.maxObjectNestLevel = maxObjectNestLevel;
             context.maxCollectionNestLevel = maxCollectionNestLevel;
+            context.allowXmlDoctypeDeclaration = allowXmlDoctypeDeclaration;
             context.allowXmlExternalEntityExpansion = allowXmlExternalEntityExpansion;
             context.preferVectors = preferVectors;
             return context;
diff --git a/modules/core/src/flex/messaging/io/amf/AbstractAmfInput.java b/modules/core/src/flex/messaging/io/amf/AbstractAmfInput.java
index 5d985f6..a62a546 100644
--- a/modules/core/src/flex/messaging/io/amf/AbstractAmfInput.java
+++ b/modules/core/src/flex/messaging/io/amf/AbstractAmfInput.java
@@ -83,7 +83,7 @@
 
         // Validation performed in XMLUtil#stringToDocument.
         return XMLUtil.stringToDocument(xml, !(context.legacyXMLNamespaces),
-                context.allowXmlExternalEntityExpansion);
+                context.allowXmlDoctypeDeclaration, context.allowXmlExternalEntityExpansion);
     }
 
     /**
diff --git a/modules/core/src/flex/messaging/io/amfx/AmfxInput.java b/modules/core/src/flex/messaging/io/amfx/AmfxInput.java
index 8944049..83911ff 100644
--- a/modules/core/src/flex/messaging/io/amfx/AmfxInput.java
+++ b/modules/core/src/flex/messaging/io/amfx/AmfxInput.java
@@ -1050,7 +1050,7 @@
 
         // Validation performed in XMLUtil#stringToDocument.
         Object value = XMLUtil.stringToDocument(xml, !(context.legacyXMLNamespaces),
-                context.allowXmlExternalEntityExpansion);
+                context.allowXmlDoctypeDeclaration, context.allowXmlExternalEntityExpansion);
         setValue(value);
     }
 
diff --git a/modules/core/src/flex/messaging/util/XMLUtil.java b/modules/core/src/flex/messaging/util/XMLUtil.java
index abc224d..e27149c 100644
--- a/modules/core/src/flex/messaging/util/XMLUtil.java
+++ b/modules/core/src/flex/messaging/util/XMLUtil.java
@@ -97,7 +97,7 @@
      */
     public static Document stringToDocument(String xml)
     {
-        return stringToDocument(xml, true, false);
+        return stringToDocument(xml, true, false, false);
     }
 
     /**
@@ -109,7 +109,8 @@
      * is name-space aware
      * @return Document
      */
-    public static Document stringToDocument(String xml, boolean nameSpaceAware, boolean allowXmlExternalEntityExpansion)
+    public static Document stringToDocument(String xml, boolean nameSpaceAware, boolean allowXmlDoctypeDeclaration,
+                                            boolean allowXmlExternalEntityExpansion)
     {
         ClassUtil.validateCreation(Document.class);
 
@@ -122,6 +123,11 @@
                 InputSource input = new InputSource(reader);
                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
 
+                if(!allowXmlDoctypeDeclaration)
+                {
+                    factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+                }
+
                 if(!allowXmlExternalEntityExpansion)
                 {
                     // Disable local resolution of entities due to security issues
diff --git a/modules/opt/pom.xml b/modules/opt/pom.xml
index d77fcf4..051ed24 100755
--- a/modules/opt/pom.xml
+++ b/modules/opt/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
         <groupId>org.apache.flex.blazeds</groupId>
 		<artifactId>blazeds</artifactId>
-		<version>4.8.0-SNAPSHOT</version>
+		<version>4.7.2-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/modules/opt/poms/tomcat4/pom.xml b/modules/opt/poms/tomcat4/pom.xml
index d7d5f5b..2d742ee 100755
--- a/modules/opt/poms/tomcat4/pom.xml
+++ b/modules/opt/poms/tomcat4/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
         <groupId>org.apache.flex.blazeds</groupId>
 		<artifactId>flex-messaging-opt</artifactId>
-		<version>4.8.0-SNAPSHOT</version>
+		<version>4.7.2-SNAPSHOT</version>
 		<relativePath>../../pom.xml</relativePath>
 	</parent>
 
diff --git a/modules/opt/poms/tomcat6/pom.xml b/modules/opt/poms/tomcat6/pom.xml
index d609a99..364d017 100755
--- a/modules/opt/poms/tomcat6/pom.xml
+++ b/modules/opt/poms/tomcat6/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
         <groupId>org.apache.flex.blazeds</groupId>
 		<artifactId>flex-messaging-opt</artifactId>
-		<version>4.8.0-SNAPSHOT</version>
+		<version>4.7.2-SNAPSHOT</version>
 		<relativePath>../../pom.xml</relativePath>
 	</parent>
 
diff --git a/modules/opt/poms/tomcat7/pom.xml b/modules/opt/poms/tomcat7/pom.xml
index e80781e..6b73f3b 100755
--- a/modules/opt/poms/tomcat7/pom.xml
+++ b/modules/opt/poms/tomcat7/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
         <groupId>org.apache.flex.blazeds</groupId>
 		<artifactId>flex-messaging-opt</artifactId>
-		<version>4.8.0-SNAPSHOT</version>
+		<version>4.7.2-SNAPSHOT</version>
 		<relativePath>../../pom.xml</relativePath>
 	</parent>
 
diff --git a/modules/pom.xml b/modules/pom.xml
index 33da3bb..6045b34 100755
--- a/modules/pom.xml
+++ b/modules/pom.xml
@@ -29,7 +29,7 @@
 
 	<groupId>org.apache.flex.blazeds</groupId>
 	<artifactId>blazeds</artifactId>
-	<version>4.8.0-SNAPSHOT</version>
+	<version>4.7.2-SNAPSHOT</version>
 	<packaging>pom</packaging>
 
 	<name>Apache Flex: BlazeDS</name>
diff --git a/modules/proxy/pom.xml b/modules/proxy/pom.xml
index 296d351..b1d9102 100755
--- a/modules/proxy/pom.xml
+++ b/modules/proxy/pom.xml
@@ -22,7 +22,7 @@
    <parent>
        <groupId>org.apache.flex.blazeds</groupId>
         <artifactId>blazeds</artifactId>
-        <version>4.8.0-SNAPSHOT</version>
+        <version>4.7.2-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/modules/remoting/pom.xml b/modules/remoting/pom.xml
index 4ac1c74..93a6bfb 100755
--- a/modules/remoting/pom.xml
+++ b/modules/remoting/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
         <groupId>org.apache.flex.blazeds</groupId>
 		<artifactId>blazeds</artifactId>
-		<version>4.8.0-SNAPSHOT</version>
+		<version>4.7.2-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/modules/testsuite/pom.xml b/modules/testsuite/pom.xml
index 8206cc5..1428f30 100644
--- a/modules/testsuite/pom.xml
+++ b/modules/testsuite/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
         <groupId>org.apache.flex.blazeds</groupId>
 		<artifactId>blazeds</artifactId>
-		<version>4.8.0-SNAPSHOT</version>
+		<version>4.7.2-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/modules/testsuite/src/test/java/flex/messaging/io/amfx/AllowDocumentTypeDeclaration.java b/modules/testsuite/src/test/java/flex/messaging/io/amfx/AllowDocumentTypeDeclaration.java
new file mode 100644
index 0000000..c4427e7
--- /dev/null
+++ b/modules/testsuite/src/test/java/flex/messaging/io/amfx/AllowDocumentTypeDeclaration.java
@@ -0,0 +1,151 @@
+/*
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+package flex.messaging.io.amfx;
+
+import flex.messaging.MessageException;
+import flex.messaging.util.XMLUtil;
+import junit.framework.Assert;
+import junit.framework.TestCase;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.net.ServerSocket;
+import java.net.Socket;
+
+/**
+ * Created by christoferdutz on 23.07.15.
+ */
+
+public class AllowDocumentTypeDeclaration extends TestCase {
+
+    public void testDoctypeEnabled() throws Exception {
+        // Start a simple server socket.
+        TinyServer server = new TinyServer();
+        server.start();
+
+        // Sleep for half a second.
+        Thread.sleep(500);
+
+        try {
+            StringBuffer xml = new StringBuffer(512);
+            xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n");
+            xml.append("<!DOCTYPE foo PUBLIC \"-//VSR//PENTEST//EN\" \"http://localhost:" + server.getPort() +
+                    "/service?ssrf\">");
+            xml.append("<foo>Some content</foo>");
+            XMLUtil.stringToDocument(xml.toString(), true, true, false);
+
+            // The server should have been contacted.
+            Assert.assertTrue(server.connected);
+        } finally {
+            server.kill();
+        }
+    }
+
+    public void testDoctypeDisabled() throws Exception {
+        // Start a simple server socket.
+        TinyServer server = new TinyServer();
+        server.start();
+
+        // Sleep for half a second.
+        Thread.sleep(500);
+
+        try {
+            StringBuffer xml = new StringBuffer(512);
+            xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n");
+            xml.append("<!DOCTYPE foo PUBLIC \"-//VSR//PENTEST//EN\" \"http://localhost:" + server.getPort() +
+                    "/service?ssrf\">");
+            xml.append("<foo>Some content</foo>");
+            try {
+                XMLUtil.stringToDocument(xml.toString(), true, false, false);
+                Assert.fail("This should have failed.");
+            } catch (MessageException me) {
+                Assert.assertTrue(me.getMessage().contains("DOCTYPE"));
+            }
+
+            // The server should not have been contacted.
+            Assert.assertFalse(server.connected);
+        } finally {
+            server.kill();
+        }
+    }
+
+    private class TinyServer extends Thread {
+
+        private int port;
+        private boolean connected = false;
+
+        private ServerSocket serverSocket;
+        private Socket clientSocket;
+
+        @Override
+        public void run() {
+            try {
+                serverSocket = new ServerSocket(0);
+                port = serverSocket.getLocalPort();
+                clientSocket = serverSocket.accept();
+                connected = true;
+                BufferedReader reader = new BufferedReader(new InputStreamReader(clientSocket.getInputStream()));
+                while(reader.ready()) {
+                    String line = reader.readLine();
+                    System.out.println(line);
+                }
+                OutputStream out = clientSocket.getOutputStream();
+                out.write("HTTP/1.0 200 OK".getBytes());
+                out.write("Content-Type: text/plain".getBytes());
+                out.write("Content-Length: 1354".getBytes());
+                out.write(("<!DOCTYPE foo [" +
+                        "<!ELEMENT foo>" +
+                        "]>").getBytes());
+                out.flush();
+            } catch (Exception e) {
+                // Ignore.
+            } finally {
+                try {
+                    clientSocket.getOutputStream().close();
+                } catch(Exception e) {
+                    // Ignore ...
+                }
+                try {
+                    clientSocket.getOutputStream().close();
+                } catch(Exception e) {
+                    // Ignore ...
+                }
+            }
+        }
+
+        public void kill() {
+            try {
+                serverSocket.close();
+            } catch (IOException e) {
+                // Ignore.
+            }
+        }
+
+        public int getPort() {
+            return port;
+        }
+
+        public boolean isConnected() {
+            return connected;
+        }
+    }
+
+}