A GEL script that parses XML files using the gel:parse tag in our Production environment 15.1 throws an error when tested in our environment post 15.4 upgrade, with the following message:
DOCTYPE is disallowed when the feature "http://apache.org/xml/features/disallow-doctype-decl" set to true.
DE38058 - XXE Attack in XOG
It was identified as a security vulnerability and GEL script will need to be modified to not use DOCTYPE tag.
There’s no work around.