Hello friends, I invite you to check this blog post that I found after receiving the report:

https://vuln.be/post/xxe-in-erlang-and-elixir/

Apparently the bundled Erlang XML library xmerl along with a few other Erlang/Elixir XML parsers are vulnerable by default and we had no clue.