Security Release: Fixed XML External Entity (XXE) ...
# http4k
Security Release: Fixed XML External Entity (XXE) Vulnerability

We have released a security fix for an XML External Entity (XXE) vulnerability identified as CVE-2024-55875. We recommend all users upgrade to the latest version.

Security Fix:
- Fixed XXE vulnerability (CVE-2024-55875) in XML processing by disabling entity expansion.

Note: This change affects how XML entity references are handled. If your code relies on XML entity expansion (like replacing &entity; references with their defined content), it will need to be updated. Entity references will now remain as unexpanded text in the document.

Affected Versions:
- All 5.X.X.X versions prior to 5.41.0.0
- All 4.X.X.X versions prior to 4.50.0.0

Recommended Action:
- Update to latest version as soon as possible

For more details about this vulnerability and the fix timeline, please see the security advisory: https://www.http4k.org/security/cve-2024-12345/

Thanks go to @JAckLosingHeart for responsibly reporting this issue.
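
To check whether existing XML input depends on entity expansion, the sketch below lists the entity references a document leaves unexpanded when parsed with expansion disabled. It is an added example, not http4k's code or its actual fix: it uses the plain JAXP API with the JDK's built-in parser, and the helper names (`nonExpandingFactory`, `unexpandedEntities`) and the sample XML are assumptions made for illustration.

```kotlin
import org.w3c.dom.Node
import java.io.ByteArrayInputStream
import javax.xml.parsers.DocumentBuilderFactory

// Hypothetical helper (not http4k API): a JAXP factory with entity expansion disabled.
fun nonExpandingFactory(): DocumentBuilderFactory =
    DocumentBuilderFactory.newInstance().apply {
        // Keep entity references as nodes in the DOM instead of replacing them.
        isExpandEntityReferences = false
        isXIncludeAware = false
        // Standard SAX feature names: never fetch external entities.
        setFeature("http://xml.org/sax/features/external-general-entities", false)
        setFeature("http://xml.org/sax/features/external-parameter-entities", false)
    }

// Returns the names of entity references left unexpanded in element content.
// Predefined entities (&amp;, &lt;, ...) and character references are not reported.
fun unexpandedEntities(xml: String): List<String> {
    val doc = nonExpandingFactory().newDocumentBuilder()
        .parse(ByteArrayInputStream(xml.toByteArray()))
    val found = mutableListOf<String>()
    fun walk(node: Node) {
        if (node.nodeType == Node.ENTITY_REFERENCE_NODE) {
            found += node.nodeName
            return
        }
        val children = node.childNodes
        for (i in 0 until children.length) walk(children.item(i))
    }
    walk(doc.documentElement)
    return found
}

fun main() {
    // Constructed sample: one internal entity, no external references.
    val sample = """
        <?xml version="1.0"?>
        <!DOCTYPE order [ <!ENTITY vendor "Acme Ltd"> ]>
        <order><supplier>&vendor;</supplier><note>a &amp; b</note></order>
    """.trimIndent()
    val refs = unexpandedEntities(sample)
    if (refs.isEmpty()) println("No entity references: unaffected by the change")
    else println("Relies on entity expansion: $refs")
}
```

Documents that report any names here are the ones whose consumers need updating before the upgrade.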