diff --git a/core/nuts-runtime/src/main/java/net/thevpc/nuts/runtime/core/format/xml/NutsXmlUtils.java b/core/nuts-runtime/src/main/java/net/thevpc/nuts/runtime/core/format/xml/NutsXmlUtils.java
index 5672aa800..5be800451 100755
--- a/core/nuts-runtime/src/main/java/net/thevpc/nuts/runtime/core/format/xml/NutsXmlUtils.java
+++ b/core/nuts-runtime/src/main/java/net/thevpc/nuts/runtime/core/format/xml/NutsXmlUtils.java
@@ -209,7 +209,8 @@ public static DocumentBuilder createDocumentBuilder(boolean safe, NutsSession se
 documentFactory.setExpandEntityReferences(false);
 // This is the PRIMARY defense. If DTDs (doctypes) are disallowed, almost all XML entity attacks are prevented
 // Xerces 2 only - http://xerces.apache.org/xerces2-j/features.html#disallow-doctype-decl
- setLenientFeature(documentFactory, "http://apache.org/xml/features/disallow-doctype-decl", true);
+ //commented because some pom.xml contains
+ //setLenientFeature(documentFactory, "http://apache.org/xml/features/disallow-doctype-decl", true);
 
 // If you can't completely disable DTDs, then at least do the following:
 // Xerces 1 - http://xerces.apache.org/xerces-j/features.html#external-general-entities
diff --git a/core/nuts-runtime/src/main/java/net/thevpc/nuts/runtime/core/parser/DefaultNutsVersionParser.java b/core/nuts-runtime/src/main/java/net/thevpc/nuts/runtime/core/parser/DefaultNutsVersionParser.java
index 47bbd3198..e8b4a468c 100644
--- a/core/nuts-runtime/src/main/java/net/thevpc/nuts/runtime/core/parser/DefaultNutsVersionParser.java
+++ b/core/nuts-runtime/src/main/java/net/thevpc/nuts/runtime/core/parser/DefaultNutsVersionParser.java
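Review bot: Commenting out `disallow-doctype-decl` in `createDocumentBuilder` removes what the surrounding comment itself calls the primary defense against XML entity attacks, and it does so for every caller of this builder rather than only for POM parsing. The rest of the function lies outside the hunk, so confirm that the fallback features (external general and parameter entities, and `http://apache.org/xml/features/nonvalidating/load-external-dtd` set to `false`) are still applied on this path; without them a DOCTYPE in a downloaded descriptor can cause external fetches or entity expansion. Prefer keeping the feature enabled by default and relaxing it only where POM files are parsed. The new comment is also cut off mid-sentence; presumably it should read something like `// disabled: some pom.xml files declare a DOCTYPE, which this feature rejects`.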
@@ -10,7 +10,7 @@ public class DefaultNutsVersionParser implements NutsVersionParser {
 /**
 * ${} added to support versions as maven place-holders
 */
- private static final Pattern PATTERN=Pattern.compile("[A-Za-z0-9._*,()\\[\\] ${}-]+");
+ private static final Pattern PATTERN=Pattern.compile("[A-Za-z0-9._*,()\\[\\] ${}+-]+");
 private NutsSession session;
 private boolean lenient=false;
 private boolean acceptBlank = true;
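Review bot: The Javadoc above `PATTERN` still explains only the `${}` characters, while the character class now also accepts `+`; add a line saying why `+` is allowed, in the same form as the existing `${} added to support versions as maven place-holders`. Code that turns a parsed version into a repository URL or file name is not visible in this hunk; if such code exists, check that it percent-encodes `+`, since an unencoded `+` is read as a space in URL query strings.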