diff --git a/grobid-core/src/main/java/org/grobid/core/document/OPSService.java b/grobid-core/src/main/java/org/grobid/core/document/OPSService.java
index 7b2cf22763..f6edf28dfb 100755
--- a/grobid-core/src/main/java/org/grobid/core/document/OPSService.java
+++ b/grobid-core/src/main/java/org/grobid/core/document/OPSService.java
@@ -118,8 +118,11 @@ public String descriptionRetrieval(String patentNumber) throws IOException,
 spf.setFeature("http://xml.org/sax/features/validation", false);
 spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
 spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 //get a new instance of parser
 XMLReader reader = spf.newSAXParser().getXMLReader();
+ reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
 reader.setEntityResolver(new EntityResolver() {
 public InputSource resolveEntity(String publicId, String systemId) {
 return new InputSource(
diff --git a/grobid-service/src/main/java/org/grobid/service/process/GrobidRestProcessTraining.java b/grobid-service/src/main/java/org/grobid/service/process/GrobidRestProcessTraining.java
index 10664d2f09..b425af0c27 100644
--- a/grobid-service/src/main/java/org/grobid/service/process/GrobidRestProcessTraining.java
+++ b/grobid-service/src/main/java/org/grobid/service/process/GrobidRestProcessTraining.java
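Review bot: The two `reader.setFeature` calls added after `getXMLReader()` repeat features that are already set on `spf`, and per the `SAXParserFactory.setFeature` contract those are applied to the `XMLReader` it creates, so they add no protection beyond the factory-level lines above. The line that actually hardens the parser is the added `disallow-doctype-decl` feature, which rejects any DOCTYPE and therefore also makes the custom `EntityResolver` below it unreachable for entity lookups; that is worth a comment such as `// Rejecting the DOCTYPE entirely is the primary XXE guard; the entity features and resolver below are defence in depth`. Note that `http://apache.org/xml/features/disallow-doctype-decl` is a Xerces-specific URI and `setFeature` throws `SAXNotRecognizedException` on a provider that lacks it, which is a fail-closed outcome but may surprise a deployment that swaps the SAX provider. The enclosing `descriptionRetrieval` method starts and ends outside the hunk.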
@@ -359,6 +359,11 @@ public void run() {
 public Response resultTraining(String token) {
 Response response = null;
 try {
+ // Validate the token to prevent directory traversal
+ if (token.contains("..") || token.contains("/") || token.contains("\\")) {
+ throw new GrobidServiceException("Invalid token", Status.BAD_REQUEST);
+ }
+
 // access report file under token subdirectory
 File home = GrobidProperties.getInstance().getGrobidHomePath();
 String tokenPath = home.getAbsolutePath() + "/training-history/" + token;
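Review bot: The added check on `token` rejects `..` and both separators but still accepts `null`, the empty string and `.`, so `tokenPath` on the last line of the hunk can resolve to the `training-history` directory itself, and a null token throws a NullPointerException on the `token.contains` line before the `BAD_REQUEST` path is reached. A canonical-path containment check on the resolved directory is the more robust form, because it does not depend on which characters the denylist happens to enumerate and it handles the empty and `.` cases uniformly. How `tokenPath` is subsequently used lies outside the hunk, as does the end of `resultTraining`.
```java
try {
    if (token == null || token.isEmpty()) {
        throw new GrobidServiceException("Invalid token", Status.BAD_REQUEST);
    }
    // Resolve under training-history and require the result to stay strictly inside it,
    // instead of enumerating forbidden characters
    File home = GrobidProperties.getInstance().getGrobidHomePath();
    java.nio.file.Path base = home.toPath().resolve("training-history").normalize();
    java.nio.file.Path tokenDir = base.resolve(token).normalize();
    if (tokenDir.equals(base) || !tokenDir.startsWith(base)) {
        throw new GrobidServiceException("Invalid token", Status.BAD_REQUEST);
    }
    String tokenPath = tokenDir.toString();
    // … unchanged: report file lookup under tokenPath …
```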