From 5d05c4846101eb7a6413150dfb7413cb482f7903 Mon Sep 17 00:00:00 2001
From: Steve Worley
Date: Thu, 3 Apr 2025 21:19:28 +1000
Subject: [PATCH] Fix: Prevent External entity injection for libxml..
---
 .docker/images/php/01-govcms.ini | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.docker/images/php/01-govcms.ini b/.docker/images/php/01-govcms.ini
index 4756ad099..bd2df1a34 100644
--- a/.docker/images/php/01-govcms.ini
+++ b/.docker/images/php/01-govcms.ini
@@ -4,3 +4,7 @@ session.gc_maxlifetime=3600
 session.cookie_lifetime=0
 upload_max_filesize=256M
 post_max_size=256M
+
+# Prevent remote XML entities from being processed.
+# https://nvd.nist.gov/vuln/detail/CVE-2025-1219
+libxml.disable_entity_loader = 1
\ No newline at end of file
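Review bot: The added `libxml.disable_entity_loader = 1` is probably not a registered php.ini directive, so PHP would ignore it silently and the hardening this commit intends would not take effect. As far as I know the libxml extension defines no ini settings, and `libxml_disable_entity_loader()` is a runtime function, deprecated since PHP 8.0. A build-time check such as `php -r 'var_dump(ini_get("libxml.disable_entity_loader"));'` would confirm this, since it prints `bool(false)` for an unregistered directive. The referenced CVE-2025-1219 appears to be fixed in PHP patch releases rather than by configuration, so the PHP version in the base image should be checked and the comment reworded to something like `# CVE-2025-1219 is mitigated by the PHP version in the base image; no ini setting applies`. The file also still lacks a trailing newline after the last added line.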