Version: 10.0
Technical Name: sec_defused_xmlrpc
License: AGPL-3
Website: https://naglis.me/

Defuse XML-RPC

Mitigate XML attacks in Odoo's XML-RPC

This module mitigates several XML-related attacks which are possible via Odoo's XML-RPC, most notably:

  • Billion Laughs (also known as exponential entity expansion) attack;
  • gzip decompression bombs.

Plug & Play

No configuration required — just install the module and forget it!

Found a bug?

I would be grateful if you reported it on the project's issue tracker.

Defuse XML-RPC

Installation

Before installing the addon, make sure the defusedxml Python package is installed on your system. You can install it by running:

pip install defusedxml

You can read more about installing Python packages here.

After that, this addon can be installed as any other regular Odoo addon:

  • Unzip the addon in one of Odoo's addons paths.
  • Log in to Odoo as a user with administrative privileges and enter debug mode.
  • Go to Apps -> Update Apps List, click Update in the dialog window.
  • Go to Apps -> Apps, remove the Apps filter in the search bar and search for Defuse XML-RPC. Click the Install button on the addon.

Configuration

If you run into problems with large XML-RPC request/response bodies, you can increase the maximum size of the request/response body in the Odoo configuration file. Set the defused_xml_max_data configuration option to a value larger than 47185920, which is the default (equal to 45 MB). The Odoo server process must be restarted after changing the value for the new configuration to take effect.
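The two mitigations named in the description (rejecting entity declarations and capping decompressed body size) can be illustrated with the Python standard library alone. This is an added example, not the module's own code: it uses expat directly instead of defusedxml, and the names bounded_gunzip, parse_method_name and EntitiesForbidden, as well as the sample requests, are assumptions made for the illustration.

```python
import gzip
import io
from xml.parsers import expat

MAX_DATA = 47185920  # default defused_xml_max_data quoted above (45 MB)

# Constructed sample requests (not captured traffic).
BENIGN = (b"<?xml version='1.0'?><methodCall>"
          b"<methodName>version</methodName><params/></methodCall>")
WITH_ENTITY = (b"<?xml version='1.0'?><!DOCTYPE m [<!ENTITY a 'x'>]>"
               b"<methodCall><methodName>&a;</methodName></methodCall>")


class EntitiesForbidden(ValueError):
    """Hypothetical error type: the document declares an entity."""


def bounded_gunzip(body, max_data=MAX_DATA):
    """Inflate a gzip body, refusing more than max_data bytes of output."""
    with gzip.GzipFile(fileobj=io.BytesIO(body)) as fh:
        data = fh.read(max_data + 1)  # stop inflating one byte past the cap
    if len(data) > max_data:
        raise ValueError("decompressed body exceeds %d bytes" % max_data)
    return data


def parse_method_name(xml_bytes):
    """Return the <methodName> text; fail on the first entity declaration."""
    parser = expat.ParserCreate()
    state = {"tag": None, "name": ""}

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # Raising here aborts the parse before any expansion can happen.
        raise EntitiesForbidden("entity %r declared" % name)

    def on_start(tag, attrs):
        state["tag"] = tag
    def on_end(tag):
        state["tag"] = None
    def on_text(text):
        if state["tag"] == "methodName":
            state["name"] += text

    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_text
    parser.Parse(xml_bytes, True)
    return state["name"]
```

Because the read is capped at max_data + 1 bytes, an oversized body is rejected without ever being fully inflated in memory.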

Uninstallation

  • Log in to Odoo as a user with administrative privileges and enter debug mode.
  • Go to Apps -> Apps, remove the Apps filter in the search bar and search for Defuse XML-RPC.
  • Click on the addon, then click the Uninstall button.

Note

After uninstalling the addon, the Odoo server process needs to be restarted in order for the module to be completely uninstalled.
