Latest commit f081dbf Dec 4, 2015 @njoyce njoyce committed with njoyce Switch to use defusedxml as the default xml loader.
By default, PyAMF will not support potentially vulnerable payloads. See
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.

All the standard XML processing libs that PyAMF previously supported are still supported.

There may be people who use DTD/Entities as part of their AMF payloads - they will have
to continue to use an old version or make an issue to see how their use case can still be
supported.