diff --git a/app/common/src/main/java/stirling/software/common/util/SvgSanitizer.java b/app/common/src/main/java/stirling/software/common/util/SvgSanitizer.java
index 8841db360..c5addc0f3 100644
--- a/app/common/src/main/java/stirling/software/common/util/SvgSanitizer.java
+++ b/app/common/src/main/java/stirling/software/common/util/SvgSanitizer.java
@@ -86,7 +86,7 @@ public class SvgSanitizer {
 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
-
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
 factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
 factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
diff --git a/app/core/src/main/java/stirling/software/SPDF/service/CertificateValidationService.java b/app/core/src/main/java/stirling/software/SPDF/service/CertificateValidationService.java
index 026a48b81..1167a5bd5 100644
--- a/app/core/src/main/java/stirling/software/SPDF/service/CertificateValidationService.java
+++ b/app/core/src/main/java/stirling/software/SPDF/service/CertificateValidationService.java
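Review bot: The new `disallow-doctype-decl` line changes what the sanitizer accepts but carries no comment, and nothing in the hunk shows how a `ParserConfigurationException` from `setFeature` is handled; the enclosing method starts and ends outside the hunk, so I cannot tell whether it fails closed or falls back to a less hardened parser. The feature URIs are Xerces-specific, so a non-Xerces `DocumentBuilderFactory` resolved at runtime would throw on these calls, and that path should reject the document rather than parse it anyway. I would document the behaviour on the added line: `// Fail closed: any <!DOCTYPE> (including the legacy "DOCTYPE svg" header some editors emit) is rejected rather than sanitized.` The same feature list is written out by hand twice in CertificateValidationService in this commit; a shared helper would keep the copies from drifting again.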
@@ -612,9 +612,11 @@ public class CertificateValidationService {
 */
 private int parseSecuritySettingsXML(InputStream xmlStream) throws Exception {
 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
 factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
 factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
 factory.setXIncludeAware(false);
 factory.setExpandEntityReferences(false);
@@ -838,9 +840,11 @@ public class CertificateValidationService {
 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
 factory.setNamespaceAware(true);
 // Secure processing hardening
+ factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
 factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
 factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
 factory.setXIncludeAware(false);
 factory.setExpandEntityReferences(false);
 return factory;
diff --git a/testing/cucumber/features/steps/step_definitions.py b/testing/cucumber/features/steps/step_definitions.py
index 65c471e71..aa1d45cac 100644
--- a/testing/cucumber/features/steps/step_definitions.py
+++ b/testing/cucumber/features/steps/step_definitions.py
@@ -292,7 +292,7 @@ def step_encrypt_pdf(context, password):
 @given("the request data is")
 def step_request_data(context):
- context.request_data = eval(context.text)
+ context.request_data = json_module.loads(context.text)
 @given("the request data includes")
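Review bot: The hardening list in `parseSecuritySettingsXML` is now a near-verbatim copy of the one in the second hunk (line 840 onward), differing only in `setNamespaceAware(true)` and the `// Secure processing hardening` comment; this commit exists because the two copies had drifted, and leaving them as two hand-maintained lists invites the next drift. The method in the second hunk already builds and returns a fully configured factory, so `parseSecuritySettingsXML` could obtain its factory from it, or both could call a shared `private static DocumentBuilderFactory newHardenedFactory(boolean namespaceAware)`; that method's signature is outside the hunk, so I cannot confirm its name or visibility. As a point of style, both added lines spell out `javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING` inline, while SvgSanitizer in the same commit imports the class and writes `XMLConstants.FEATURE_SECURE_PROCESSING`; the import form is the conventional one. The same points apply to the second hunk of this file.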
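Review bot: Replacing `eval` with `json_module.loads` is the right direction, but it silently narrows the accepted syntax: any feature file whose docstring is a Python literal (single-quoted keys, `True`/`None`, trailing commas) now raises `json.JSONDecodeError` instead of producing a dict, and the hunk shows no handling for that. If the existing feature files are not all strict JSON, `context.request_data = ast.literal_eval(context.text)` keeps the previously accepted forms without executing code; otherwise the feature files need converting in the same change. `json_module` is presumably an `import json as json_module` near the top of the file, which is outside the hunk, so that binding is worth confirming. The neighbouring `"the request data includes"` step begins on the last context line; if its body also calls `eval`, it needs the same treatment.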