
wubinworks/module-xml-security
==============================

A replacement of `\Magento\Framework\Xml\Security` for Magento 2 with enhanced security.

1.0.1 (1y ago) · OSL-3.0 · PHP >=7.1

Since Dec 23 · Pushed 1y ago · 1 watcher

[Source](https://github.com/wubinworks/magento2-enhanced-xml-security) · [Packagist](https://packagist.org/packages/wubinworks/module-xml-security) · [Docs](https://www.wubinworks.com)

Enhanced XML Security for Magento 2
===================================

**A replacement of `\Magento\Framework\Xml\Security` for Magento 2 with enhanced security.**

Background
----------

When the `SAPI` is `php-fpm`, `\Magento\Framework\Xml\Security` cannot detect an entity if the XML string is not encoded in `UTF-8`.
This is a potential security issue, and many developers forget to detect the XML encoding before using this class.

*Note: the above class works correctly in CLI.*
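
The gap described above, as an added example (not code from this extension or from Magento). It assumes the `php-fpm` check is a byte-level search for `<!ENTITY`; `naiveScan`, `sniffEncoding` and `encodingAwareScan` are hypothetical names, and the sample document is constructed.

```php
<?php
declare(strict_types=1);

/** Byte-level heuristic (assumed shape of the check that misses non-UTF-8 input). */
function naiveScan(string $xml): bool
{
    return strpos($xml, '<!ENTITY') === false;
}

/** Hypothetical helper: guess the encoding from a BOM, the bytes of "<?", or the declaration. */
function sniffEncoding(string $xml): string
{
    $prefixes = [ // UTF-32 prefixes first so they are not mistaken for UTF-16
        "\x00\x00\xFE\xFF" => 'UTF-32BE', "\xFF\xFE\x00\x00" => 'UTF-32LE',
        "\x00\x00\x00<" => 'UTF-32BE', "<\x00\x00\x00" => 'UTF-32LE',
        "\xFE\xFF" => 'UTF-16BE', "\xFF\xFE" => 'UTF-16LE',
        "\x00<\x00?" => 'UTF-16BE', "<\x00?\x00" => 'UTF-16LE',
    ];
    foreach ($prefixes as $prefix => $encoding) {
        if (strncmp($xml, $prefix, strlen($prefix)) === 0) {
            return $encoding;
        }
    }
    // ASCII-compatible prolog: use the declared encoding name, default to UTF-8.
    if (preg_match('/^(?:\xEF\xBB\xBF)?<\?xml[^>]*?\bencoding\s*=\s*["\']([\w.:-]+)["\']/', $xml, $m)) {
        return strtoupper($m[1]);
    }
    return 'UTF-8';
}

/** Returns true only when the document, normalised to UTF-8, declares no entity. */
function encodingAwareScan(string $xml): bool
{
    $utf8 = @iconv(sniffEncoding($xml), 'UTF-8', $xml);
    if ($utf8 === false) {
        return false; // unknown or invalid encoding: fail closed
    }
    return strpos($utf8, '<!ENTITY') === false;
}

// Constructed sample: the same document as UTF-8 and as UTF-16LE with a BOM.
$utf8Doc  = '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e "constructed">]><r>&e;</r>';
$utf16Doc = "\xFF\xFE" . iconv('UTF-8', 'UTF-16LE', $utf8Doc);

// Print each scanner's verdict (true means no entity declaration was seen).
var_dump(naiveScan($utf8Doc), naiveScan($utf16Doc));
var_dump(encodingAwareScan($utf8Doc), encodingAwareScan($utf16Doc));
```

In UTF-16 every ASCII character occupies two bytes, so a byte-level search finds no contiguous `<!ENTITY`; converting to UTF-8 first restores the match, and an encoding that cannot be converted is rejected.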

##### A note about [CVE-2024-2961](https://www.cve.org/CVERecord?id=CVE-2024-2961)

*An XML string with `encoding="ISO-2022-CN-EXT"` won't cause the buffer overflow, so we don't forbid this encoding.*

Features
--------

After installing this extension, `\Magento\Framework\Xml\Security` is `preference`d, and you don't need to worry about the XML encoding anymore.

```
/** @var \Magento\Framework\Xml\Security $xmlSecurity */
$xmlSecurity->scan($xmlString);
```

That's it.

Requirements
------------

Magento 2.3
Magento 2.4

Installation
------------

**`composer require wubinworks/module-xml-security`**

*This extension requires dependencies that are not included in the default Magento installation, so you need to use `composer`.*

♥
-

If you like this extension or this extension helped you, please ★star☆ this repository.

You may also like:
[Magento 2 patch for CVE-2024-34102(aka Cosmic Sting)](https://github.com/wubinworks/magento2-cosmic-sting-patch)

### Health Score

25 (Low, better than 37% of packages)

- Maintenance: 41. Moderate activity, may be stable
- Popularity: 9. Limited adoption so far
- Community: 8. Small or concentrated contributor base
- Maturity: 35. Early-stage or recently created project
- Bus Factor: 1. Top contributor holds 100% of commits (single point of failure)

### Release Activity

- Cadence: every ~22 days
- Total: 2
- Last Release: 489d ago
- PHP version history (2 changes): 1.0.0 PHP >=7.3; 1.0.1 PHP >=7.1

### Community

- Maintainers: [wubinworks](/maintainers/wubinworks)
- Top Contributors: [wubinworks](https://github.com/wubinworks) (4 commits)
- Tags: cosmic-sting, cve-2024-34102, encoding, enhancement, magento2, php-fpm, security, xml, xml-encoding, xml-entity, xml-security, xxe

