diff --git a/SOURCES/xalan-j2-CVE-2014-0107.patch b/SOURCES/xalan-j2-CVE-2014-0107.patch
new file mode 100644
index 0000000..3358f60
--- /dev/null
+++ b/SOURCES/xalan-j2-CVE-2014-0107.patch
@@ -0,0 +1,148 @@
+diff --git a/src/org/apache/xalan/processor/TransformerFactoryImpl.java b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
+index 1298943..96a5e58 100644
+--- a/src/org/apache/xalan/processor/TransformerFactoryImpl.java
++++ b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
+@@ -335,6 +335,10 @@ public class TransformerFactoryImpl extends SAXTransformerFactory
+           reader = XMLReaderFactory.createXMLReader();
+         }
+ 
++        if(m_isSecureProcessing)
++        {
++            reader.setFeature("http://xml.org/sax/features/external-general-entities",false);
++        }
+         // Need to set options!
+         reader.setContentHandler(handler);
+         reader.parse(isource);
+diff --git a/src/org/apache/xalan/processor/XSLTElementProcessor.java b/src/org/apache/xalan/processor/XSLTElementProcessor.java
+index b946743..17b7395 100644
+--- a/src/org/apache/xalan/processor/XSLTElementProcessor.java
++++ b/src/org/apache/xalan/processor/XSLTElementProcessor.java
+@@ -338,17 +338,31 @@ public class XSLTElementProcessor extends ElemTemplateElement
+       }
+       else
+       {
+-        // Can we switch the order here:
+-
+-        boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
+-                             attributes.getQName(i), attributes.getValue(i),
+-                             target);
+-                             
+-        // Now we only add the element if it passed a validation check
+-        if (success)
+-            processedDefs.add(attrDef);
+-        else
+-            errorDefs.add(attrDef);
++        //handle secure processing
++        if(handler.getStylesheetProcessor()==null)
++            System.out.println("stylesheet processor null");
++        if(attrDef.getName().compareTo("*")==0 && handler.getStylesheetProcessor().isSecureProcessing())
++        {
++            //foreign attributes are not allowed in secure processing mode
++            // Then barf, because this element does not allow this attribute.
++            handler.error(XSLTErrorResources.ER_ATTR_NOT_ALLOWED, new Object[]{attributes.getQName(i), rawName}, null);//"\""+attributes.getQName(i)+"\""
++            //+ " attribute is not allowed on the " + rawName
++            // + " element!", null);
++        }
++        else
++        {
++
++
++            boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
++                                 attributes.getQName(i), attributes.getValue(i),
++                                 target);
++
++            // Now we only add the element if it passed a validation check
++            if (success)
++                processedDefs.add(attrDef);
++            else
++                errorDefs.add(attrDef);
++        }
+       }
+     }
+ 
+diff --git a/src/org/apache/xalan/transformer/TransformerImpl.java b/src/org/apache/xalan/transformer/TransformerImpl.java
+index dd0d4d9..0906d24 100644
+--- a/src/org/apache/xalan/transformer/TransformerImpl.java
++++ b/src/org/apache/xalan/transformer/TransformerImpl.java
+@@ -438,7 +438,9 @@ public class TransformerImpl extends Transformer
+     try
+     {
+       if (sroot.getExtensions() != null)
+-        m_extensionsTable = new ExtensionsTable(sroot);
++        //only load extensions if secureProcessing is disabled
++        if(!sroot.isSecureProcessing())
++            m_extensionsTable = new ExtensionsTable(sroot);
+     }
+     catch (javax.xml.transform.TransformerException te)
+     {te.printStackTrace();}
+diff --git a/src/org/apache/xpath/functions/FuncSystemProperty.java b/src/org/apache/xpath/functions/FuncSystemProperty.java
+index 4bea356..78ac980 100644
+--- a/src/org/apache/xpath/functions/FuncSystemProperty.java
++++ b/src/org/apache/xpath/functions/FuncSystemProperty.java
+@@ -58,7 +58,7 @@ public class FuncSystemProperty extends FunctionOneArg
+ 
+     String fullName = m_arg0.execute(xctxt).str();
+     int indexOfNSSep = fullName.indexOf(':');
+-    String result;
++    String result = null;
+     String propName = "";
+ 
+     // List of properties where the name of the
+@@ -98,14 +98,20 @@ public class FuncSystemProperty extends FunctionOneArg
+ 
+         try
+         {
+-          result = System.getProperty(propName);
+-
+-          if (null == result)
+-          {
+-
+-            // result = System.getenv(propName);
+-            return XString.EMPTYSTRING;
+-          }
++            //if secure procession is enabled only handle required properties do not not map any valid system property
++            if(!xctxt.isSecureProcessing())
++            {
++                result = System.getProperty(propName);
++            }
++            else
++            {
++                warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
++                        new Object[]{ fullName });  //"SecurityException when trying to access XSL system property: "+fullName);
++            }
++            if (null == result)
++            {
++                return XString.EMPTYSTRING;
++            }
+         }
+         catch (SecurityException se)
+         {
+@@ -120,14 +126,20 @@ public class FuncSystemProperty extends FunctionOneArg
+     {
+       try
+       {
+-        result = System.getProperty(fullName);
+-
+-        if (null == result)
+-        {
+-
+-          // result = System.getenv(fullName);
+-          return XString.EMPTYSTRING;
+-        }
++          //if secure procession is enabled only handle required properties do not not map any valid system property
++          if(!xctxt.isSecureProcessing())
++          {
++              result = System.getProperty(fullName);
++          }
++          else
++          {
++              warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
++                      new Object[]{ fullName });  //"SecurityException when trying to access XSL system property: "+fullName);
++          }
++          if (null == result)
++          {
++              return XString.EMPTYSTRING;
++          }
+       }
+       catch (SecurityException se)
+       {
diff --git a/SPECS/xalan-j2.spec b/SPECS/xalan-j2.spec
index ef54b40..0ef0f23 100644
--- a/SPECS/xalan-j2.spec
+++ b/SPECS/xalan-j2.spec
@@ -32,7 +32,7 @@
 
 Name:           xalan-j2
 Version:        2.7.1
-Release:        21%{?dist}
+Release:        23%{?dist}
 Epoch:          0
 Summary:        Java XSLT processor
 # src/org/apache/xpath/domapi/XPathStylesheetDOM3Exception.java is W3C
@@ -47,6 +47,10 @@ Patch0:         %{name}-noxsltcdeps.patch
 # Fix the serializer JAR filename in xalan-j2's MANIFEST.MF
 # https://bugzilla.redhat.com/show_bug.cgi?id=718738
 Patch1:         %{name}-serializerJARname.patch
+# Fix CVE-2014-0107: insufficient constraints in secure processing
+# feature (oCERT-2014-002).  Generated form upstream revisions 1581058
+# and 1581426.
+Patch2:         %{name}-CVE-2014-0107.patch
 URL:            http://xalan.apache.org/
 Group:          Development/Libraries
 
@@ -116,6 +120,7 @@ Demonstrations and samples for %{name}.
 %setup -q -n xalan-j_%{cvs_version}
 %patch0 -p0
 %patch1 -p0
+%patch2 -p1
 # Remove all binary libs, except ones needed to build docs and N/A elsewhere.
 for j in $(find . -name "*.jar"); do
     mv $j $j.no
@@ -244,6 +249,13 @@ update-alternatives --install %{_javadir}/jaxp_transform_impl.jar \
 %{_datadir}/%{name}
 
 %changelog
+* Thu Mar 27 2014 Mikolaj Izdebski <mizdebsk@redhat.com> - 0:2.7.1-23
+- Add patch to fix remote code execution vulnerability
+- Resolves: CVE-2014-0107
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 02.7.1-22
+- Mass rebuild 2013-12-27
+
 * Mon Aug 19 2013 Mikolaj Izdebski <mizdebsk@redhat.com> - 0:2.7.1-21
 - Move depmaps to appropriate packages
 - Resolves: rhbz#998605