Document and test that XXE processing is disabled

https://vuln.be/post/xxe-in-erlang-and-elixir/
author: Mark Felder <feld@feld.me> 2023-08-04 22:44:09 -0400
committer: Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2023-08-05 08:14:27 +0200
commit: 6d48b0f1a93a5a44b95497063e885342240fbc27 (patch)
tree: fcaa48fe9e66681c2b6860e853e83ed5ff6ab148
parent: 307692cee8cdd0dbe3e6cf40c1192fcf43910610 (diff)
download: pleroma-6d48b0f1a93a5a44b95497063e885342240fbc27.tar.gz
pleroma-6d48b0f1a93a5a44b95497063e885342240fbc27.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/akkoma-xml-remote-entities.security b/changelog.d/akkoma-xml-remote-entities.security
new file mode 100644
index 000000000..b3c86bee1
--- /dev/null
+++ b/changelog.d/akkoma-xml-remote-entities.security
@@ -0,0 +1 @@
+Restrict XML parser from processing external entitites (XXE)
author	Mark Felder <feld@feld.me>	2023-08-04 22:44:09 -0400
committer	Haelwenn (lanodan) Monnier <contact@hacktivis.me>	2023-08-05 08:14:27 +0200
commit	6d48b0f1a93a5a44b95497063e885342240fbc27 (patch)
tree	fcaa48fe9e66681c2b6860e853e83ed5ff6ab148
parent	307692cee8cdd0dbe3e6cf40c1192fcf43910610 (diff)
download	pleroma-6d48b0f1a93a5a44b95497063e885342240fbc27.tar.gz pleroma-6d48b0f1a93a5a44b95497063e885342240fbc27.zip