Title: RESTEasy Configuration Parameters Describe the issue: Resteasy 2.3.9 introduced two new parameters as part of the fix of BZ#1090487: resteasy.document.secure.processing.feature resteasy.document.secure.disableDTDs See upstream jira RESTEASY-1055 for details. Suggestions for improvement: See upstream doc: http://docs.jboss.org/resteasy/docs/2.3.7.Final/userguide/html_single/index.html#d4e39 Additional information:
Correction of the link for the reference upstream documentation: http://docs.jboss.org/resteasy/docs/3.0.9.Final/userguide/html_single/ The following two parameters from the above link need to be copied to the documentation: Name: resteasy.document.secure.processing.feature Default value: true Description: Impose security constraints in processing org.w3c.dom.Document documents and JAXB object representations Name: resteasy.document.secure.disableDTDs Default value: true Description: Prohibit DTDs in org.w3c.dom.Document documents and JAXB object representations