[please excuse the repetition if you've seen this on other lists] Hi,
I have uploaded [1] version 1.0.2 of the Perl module MARC::File::XML to CPAN. This is a security release that repairs an XML external entity (XXE) vulnerability. I recommend that all users of MARC::File::XML upgrade promptly, particularly if the use is via a web application that accepts MARCXML input. Here is the change log entry: 1.0.2 Tue Jan 21 17:18:37 UTC 2014 - MARC::File::XML will now die upon parsing a record that declares an external entity and tries to use it. This prevents the potential unwanted disclosure of the contents of files on the server by applications that embed this module. If, for some reason, an application needs to process MARCXML records that contain external entities, set_parser() can be used to force the use of an XML::LibXML parser that is configured to process external entities. The issue was reported by John Lightsey. [1] https://metacpan.org/release/GMCHARLT/MARC-XML-1.0.2 Regards, Galen -- Galen Charlton Manager of Implementation Equinox Software, Inc. / The Open Source Experts email: g...@esilibrary.com direct: +1 770-709-5581 cell: +1 404-984-4366 skype: gmcharlt web: http://www.esilibrary.com/ Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org