From 6d48b0f1a93a5a44b95497063e885342240fbc27 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Fri, 4 Aug 2023 22:44:09 -0400
Subject: Document and test that XXE processing is disabled

https://vuln.be/post/xxe-in-erlang-and-elixir/
---
 changelog.d/akkoma-xml-remote-entities.security | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/akkoma-xml-remote-entities.security

(limited to 'changelog.d/akkoma-xml-remote-entities.security')

diff --git a/changelog.d/akkoma-xml-remote-entities.security b/changelog.d/akkoma-xml-remote-entities.security
new file mode 100644
index 000000000..b3c86bee1
--- /dev/null
+++ b/changelog.d/akkoma-xml-remote-entities.security
@@ -0,0 +1 @@
+Restrict XML parser from processing external entitites (XXE)
-- 
cgit v1.2.3


From 4099ddb3dc5840fa10cff743d87464acf7898a80 Mon Sep 17 00:00:00 2001
From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me>
Date: Sat, 5 Aug 2023 08:27:42 +0200
Subject: Mergeback release 2.5.4

---
 changelog.d/akkoma-xml-remote-entities.security | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'changelog.d/akkoma-xml-remote-entities.security')

diff --git a/changelog.d/akkoma-xml-remote-entities.security b/changelog.d/akkoma-xml-remote-entities.security
index b3c86bee1..5e6725e5b 100644
--- a/changelog.d/akkoma-xml-remote-entities.security
+++ b/changelog.d/akkoma-xml-remote-entities.security
@@ -1 +1 @@
-Restrict XML parser from processing external entitites (XXE)
+Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
-- 
cgit v1.2.3