diff --git a/.gitpod.yml b/.gitpod.yml
new file mode 100644
index 0000000..4efa528
--- /dev/null
+++ b/.gitpod.yml
@@ -0,0 +1,10 @@
+# This configuration file was automatically generated by Gitpod.
+# Please adjust to your needs (see https://www.gitpod.io/docs/introduction/learn-gitpod/gitpod-yaml)
+# and commit this file to your remote git repository to share the goodness with others.
+
+# Learn more from ready-to-use templates: https://www.gitpod.io/docs/introduction/getting-started/quickstart
+
+tasks:
+  - init: mvn install -DskipTests=false
+
+
diff --git a/src/main/java/com/michelin/avroxmlmapper/mapper/AvroToXmlUtils.java b/src/main/java/com/michelin/avroxmlmapper/mapper/AvroToXmlUtils.java
index eb5b480..725b6e8 100644
--- a/src/main/java/com/michelin/avroxmlmapper/mapper/AvroToXmlUtils.java
+++ b/src/main/java/com/michelin/avroxmlmapper/mapper/AvroToXmlUtils.java
@@ -40,6 +40,9 @@ public static Document createDocumentfromAvro(SpecificRecordBase record, String
         try {
             DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
             factory.setNamespaceAware(true);
+            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             DocumentBuilder builder = factory.newDocumentBuilder();
             document = builder.newDocument();
             Map<String, String> mapNamespaces;
diff --git a/src/main/java/com/michelin/avroxmlmapper/utility/GenericUtils.java b/src/main/java/com/michelin/avroxmlmapper/utility/GenericUtils.java
index 7bb736e..c60f476 100644
--- a/src/main/java/com/michelin/avroxmlmapper/utility/GenericUtils.java
+++ b/src/main/java/com/michelin/avroxmlmapper/utility/GenericUtils.java
@@ -131,6 +131,9 @@ public static Document stringToDocument(String strValue, Map<String, String> xml
 
             DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
             factory.setNamespaceAware(true);
+            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             DocumentBuilder builder = factory.newDocumentBuilder();
             InputSource is = new InputSource(new StringReader(strValue));
             document = builder.parse(is);