XML Parser and XML External Entity
![[Deleted User]](https://community.decisions.com/applications/dashboard/design/images/defaulticon.png)
Does the XML parser Decisions uses have XML External Entity disabled by default?
Comments
-
The .NET XML features that Decisions uses are, by default, not vulnerable to XXE in .NET Framework 4.5.2 and above, and in .NET Core 2.1 and above (including .NET 5 and 6). Therefore, any somewhat recent version should be secure against XXE vulnerabilities.