In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. Upstream bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571
Created eclipse-webtools tracking bugs for this issue: Affects: fedora-all [bug 1857370]
Patch: https://git.eclipse.org/c/sourceediting/webtools.sourceediting.git/commit/?id=9644d4217cd6e3be367d654a8320104d88ddfd6b