The property to set the entity expansion limit has had several
different names over the years (and Java versions):
"jdk.xml.entityExpansionLimit",
"http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit",
and just "entityExpansionLimit".
I have been trying to set this property in an old piece of software,
which needs to survive until I have finished porting it to BaseX.
However, all variations report that the property is unknown.
I have serious doubts about whether it is possible to set this
property at all, in spite of Oracle's documentation in [https://docs.oracle.com/en/java/javase/21/security/java-api-xml-processing-jaxp-security-guide.html#GUID-61FD4DB8-244C-41B2-BC21-01B01C5D40EC].
I will explain why:
In my version of Java, the SAXParserFactory implementation is
`org.apache.xerces.jaxp.SAXParserFactoryImpl`. This seems to be
different, but not too different, from
`com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl`,
which Gunther Rademacher had in his message.
The entityExpansionLimit property is set in an instance of [https://github.com/apache/xerces-j/blob/main/src/org/apache/xerces/util/SecurityManager.java].
The security manager is set in [https://github.com/apache/xerces-j/blob/main/src/org/apache/xerces/jaxp/SAXParserImpl.java],
if secure processing is turned on, by creating a
`new SecurityManager()`.
The `SecurityManager` uses the
`DEFAULT_ENTITY_EXPANSION_LIMIT = 100000`, and never looks at the
entityExpansionLimit property or its variations.
I have been trying to get to the security manager via
`SAXParserImpl.getProperty`, but that does not seem possible. If I
could do that, I could change the entityExpansionLimit directly on
the `SecurityManager`.
This is how far I got, and I think I am stuck here.
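
An added example, not part of the original message and not Xerces project code: Apache Xerces-J accepts a `SecurityManager` instance through its own `http://apache.org/xml/properties/security-manager` property, which gives a place to call `setEntityExpansionLimit`. It assumes `xercesImpl` is on the classpath; the class name `XercesEntityLimit`, the helper names and the sample document are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.apache.xerces.util.SecurityManager;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class XercesEntityLimit {
    // Xerces-J's own property for handing the parser a SecurityManager instance.
    static final String SECURITY_MANAGER =
            "http://apache.org/xml/properties/security-manager";

    static SAXParser newParser(int limit) throws Exception {
        // Instantiate the Apache Xerces factory directly so the JAXP lookup
        // cannot silently pick the JDK-internal implementation instead.
        SAXParserFactory factory = new org.apache.xerces.jaxp.SAXParserFactoryImpl();
        factory.setNamespaceAware(true);
        SAXParser parser = factory.newSAXParser();
        // The limit lives on the SecurityManager object, not in a named property.
        SecurityManager manager = new SecurityManager();
        manager.setEntityExpansionLimit(limit);
        parser.setProperty(SECURITY_MANAGER, manager);
        return parser;
    }

    static boolean parses(String xml, int limit) throws Exception {
        try {
            newParser(limit).parse(new InputSource(new StringReader(xml)),
                                   new DefaultHandler());
            return true;
        } catch (SAXParseException e) {
            // DefaultHandler rethrows fatal errors, including an exceeded limit.
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one internal entity referenced 20 times.
        StringBuilder xml = new StringBuilder("<!DOCTYPE d [<!ENTITY e \"x\">]><d>");
        for (int i = 0; i < 20; i++) xml.append("&e;");
        xml.append("</d>");
        System.out.println("limit 10:  " + parses(xml.toString(), 10));
        System.out.println("limit 100: " + parses(xml.toString(), 100));
    }
}
```

Running the same document under a low and a higher limit shows whether the value set on the `SecurityManager` is the one the parser enforces.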