Defuse XML-RPC

Mitigate XML attacks in Odoo's XML-RPC

This module mitigates several XML-related attacks which are possible via Odoo's XML-RPC, most notably:

  • Billion Laughs (also known as the exponential entity expansion) attack;
  • gzip decompression bombs.

Plug & Play

No configuration required — just install the module and forget it!

Found a bug?

I would be grateful if you reported it on the project's issue tracker.