diff --git a/build.xml b/build.xml
index ecc92de49..b4781cd38 100644
--- a/build.xml
+++ b/build.xml
@@ -580,8 +580,15 @@ under the License.
-
-
+
+
+
+
+
+
+
+
+
diff --git a/src/ooxml/java/org/apache/poi/POIXMLTypeLoader.java b/src/ooxml/java/org/apache/poi/POIXMLTypeLoader.java
index 1fd55628c..5304b3121 100644
--- a/src/ooxml/java/org/apache/poi/POIXMLTypeLoader.java
+++ b/src/ooxml/java/org/apache/poi/POIXMLTypeLoader.java
@@ -53,7 +53,10 @@ public class POIXMLTypeLoader {
DEFAULT_XML_OPTIONS.setUseDefaultNamespace();
DEFAULT_XML_OPTIONS.setSaveAggressiveNamespaces();
DEFAULT_XML_OPTIONS.setCharacterEncoding("UTF-8");
- DEFAULT_XML_OPTIONS.setLoadEntityBytesLimit(4096);
+ // Piccolo is disabled for POI builts, i.e. JAXP is used for parsing
+ // so only user code using XmlObject/XmlToken.Factory.parse
+ // directly can bypass the entity check, which is probably unlikely (... and not within our responsibility :))
+ // DEFAULT_XML_OPTIONS.setLoadEntityBytesLimit(4096);
Map map = new HashMap();
map.put("http://schemas.openxmlformats.org/drawingml/2006/main", "a");