XML DTD Entity Attack Issue

Malicious XML data on pwmEventLog LDAP attributes, database columns, or other sources used for password event logs could cause the application to load and reflect DTD entity references inappropriately.

Thanks to Yassine Bengana & Maxime Escourbiac from Michelin CERT Team for discovery and responsible disclosure of this issue.