Ability to load external DTDs is considered as security issue, especially if DTDs are not hosted on https hosting.
Checkstyle used to rely on remote DTD files previously so such ability was enabled by default.
From 8.11 version checkstyle do not rely on remove DTDs if you use standard config, with standard DTDs.
UPGRADE INSTRUCTIONS: Users still can activate not very secure behavior by system property checkstyle.enableExternalDtdLoad, so simply make your CLI execution like java -Dcheckstyle.enableExternalDtdLoad=true -jar .......
Or activate system property by any other way in your checkstyle execution.
ATTENTION: user on old versions of checkstyle that reference to DTD files http (not secure) hosting on sourceforge.net will be forced to upgrade to at least to https versions of DTD files. Removal of DTDs on http hosting will be done in scope of - #6478.
Ability to load external DTDs is considered as security issue, especially if DTDs are not hosted on
httpshosting.Checkstyle used to rely on remote DTD files previously so such ability was enabled by default.
From 8.11 version checkstyle do not rely on remove DTDs if you use standard config, with standard DTDs.
UPGRADE INSTRUCTIONS: Users still can activate not very secure behavior by system property
checkstyle.enableExternalDtdLoad, so simply make your CLI execution likejava -Dcheckstyle.enableExternalDtdLoad=true -jar .......Or activate system property by any other way in your checkstyle execution.
ATTENTION: user on old versions of checkstyle that reference to DTD files
http(not secure) hosting on sourceforge.net will be forced to upgrade to at least tohttpsversions of DTD files. Removal of DTDs onhttphosting will be done in scope of - #6478.