A eclipse-wtp security update has been released for Debian GNU/Linux 9 LTS to address an issue where a component of the Eclipse IDE, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.