diff --git a/deegree-core/deegree-core-commons/src/main/java/org/deegree/commons/xml/XsltUtils.java b/deegree-core/deegree-core-commons/src/main/java/org/deegree/commons/xml/XsltUtils.java
index f2f37a69be..3e3d7758d5 100644
--- a/deegree-core/deegree-core-commons/src/main/java/org/deegree/commons/xml/XsltUtils.java
+++ b/deegree-core/deegree-core-commons/src/main/java/org/deegree/commons/xml/XsltUtils.java
@@ -53,6 +53,7 @@ Occam Labs UG (haftungsbeschränkt)
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.transform.stream.StreamSource;
+import javax.xml.XMLConstants;
 
 /**
  * Utility methods to transform xml streams with xslt.
@@ -72,6 +73,7 @@ public static void transform(InputStream doc, URL xsltUrl, OutputStream out)
 		StreamSource source = new StreamSource(doc);
 		StreamSource xslt = new StreamSource(new File(xsltUrl.toURI()));
 		TransformerFactory fac = TransformerFactory.newInstance();
+		fac.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 		Transformer t = fac.newTransformer(xslt);
 		Result result = new StreamResult(out);
 		t.transform(source, result);