The following example crashes with a NullPointerException in the latest builds of JDK 22. I think the culprit is JDK-8306632:

```
class T {
  public static void main(String[] args) throws Exception {
    var reader = XMLReaderFactory.createXMLReader();
    reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
  }
}
```

```
$ java -fullversion
openjdk full version "22-ea+15-1134"
$ java T
Exception in thread "main" java.lang.NullPointerException: Cannot invoke "jdk.xml.internal.XMLSecurityManager.setLimit(String, jdk.xml.internal.JdkProperty$State, Object)" because "this.securityManager" is null
        at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.setFeature(AbstractSAXParser.java:1674)
        at T.main(T.java:5)
```