Debian Linux Security Advisory 2857-1 - It was discovered by the Spring development team that the fix for the XML External Entity (XXE) Injection (CVE-2013-4152) in the Spring Framework was incomplete.
9c12097cfb875c61fce6e20b552e7f5f7b025cc8d7ef5982a220e834a33b1796