Could you please let me know if the following security issue has been resolved?
http://xmlfr.org/cache/0014.html

Thanks much.
Insoo

>>>
=> Summary:
Using the DTD part of the XML document, it is possible to cause the XML parser to consume 100% CPU and/or a lot of memory, therefore resulting in a denial of service condition.

=> Description:
The DTD part of the XML document enables the document to define named entities (other than the predefined &lt;, &gt;, etc.). The entities can be defined using other entities (recursion is prohibited in XML 1.0). Entities are expanded when they are referenced, inside the XML document.

The attack is comprised of defining and referencing an entity which is defined using two instances of another entity, which is (in turn) defined as two instances of yet another entity, and so on. This definition process can be repeated as long as "necessary" - we found that nesting level of 100 is usually sufficient. The 100th entity should be defined simply as a string. This has the effect of having the first entity contain, in theory, 2^99 (two to the power of ninety nine) concatenated values of the 100th entity.

Here's an example (the DTD is to be placed after the XML declaration, and before the root element of the XML document):
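
Added example, not part of the post or of the quoted advisory (whose own example DTD does not appear above): a defender-side check that computes how large each entity would become without expanding it, so a document can be rejected before it reaches the parser. The names `expanded_sizes` and `check_dtd`, the limits and the four-level sample DTD are constructed for illustration.

```python
import re

# Internal general entity declarations: <!ENTITY name "value">
# (parameter entities and external SYSTEM/PUBLIC entities are not handled here)
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.:-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.:-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}

def expanded_sizes(dtd, max_depth=200):
    """Map each declared entity to its fully expanded length, without expanding it."""
    decls = {}
    for name, _quote, value in ENTITY_DECL.findall(dtd):
        decls.setdefault(name, value)  # XML 1.0: the first declaration is binding
    sizes = {}

    def size(name, stack=()):
        if name in PREDEFINED:
            return 1
        if name in stack:
            raise ValueError("recursive entity reference: " + name)
        if name not in decls:
            raise ValueError("undeclared entity: " + name)
        if len(stack) >= max_depth:
            raise ValueError("entity nesting deeper than %d" % max_depth)
        if name not in sizes:
            value = decls[name]
            literal = len(ENTITY_REF.sub("", value))  # characters that are not references
            refs = ENTITY_REF.findall(value)
            sizes[name] = literal + sum(size(r, stack + (name,)) for r in refs)
        return sizes[name]

    for name in decls:
        size(name)
    return sizes

def check_dtd(dtd, limit=1_000_000):
    """Return (ok, worst): ok is False when any entity would expand past `limit`."""
    worst = max(expanded_sizes(dtd).values(), default=0)
    return worst <= limit, worst

# Constructed sample: four nesting levels in the doubling pattern described above
SAMPLE_DTD = """<!DOCTYPE root [
  <!ENTITY e0 "&e1;&e1;">
  <!ENTITY e1 "&e2;&e2;">
  <!ENTITY e2 "&e3;&e3;">
  <!ENTITY e3 "ha">
]>"""

if __name__ == "__main__":
    print(check_dtd(SAMPLE_DTD, limit=10))
```

Because sizes are memoized and summed as integers, a 100-level chain is measured in about 100 steps even though its expansion would be 2^99 copies of the last entity's value.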
