DISPUTED An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before
allows a remote attacker to obtain sensitive information via the setFeature
function. NOTE: the vendor and original reporter indicate that this is not
a vulnerability because setFeature only sets features, which “can be safe
in one case and unsafe in another.”