Consider adding defusedxml to harden XML PUT endpoint
toolness opened this issue · comments
Atul Varma commented
We added XML (Akoma Ntoso) support for our REST PUT endpoint in #873 but there's some confusion over whether we actually need defusedxml
or not, to guard against certain types of attacks. See e.g. #868 (comment) for more details.