Debian Linux Security Advisory 2842-1 - Alvaro Munoz discovered a XML External Entity (XXE) injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites.
661559d82e59595aa56b0d039a8e4a818c0fa3e433d0bbf0fcfe15354a747c27