Also it was reported by nostr:npub1j3pf2vg36vgxtmxjxuxcu5ynh5krrvl55qmy9rfx98d8pp4cawcsvzm7q2 so thanks a lot!
#Pleroma Security Release 2.5.4
Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitrary files from the server's filesystem.
https://pleroma.social/announcements/2023/08/05/pleroma-security-release-2.5.4/
Discussion
Thank you for finding this Mae
every little fix makes us closer to being impenetrable 😇