Legacy xls upload not possible anymore

[Patta]

Since v5.0.x, the import of old .xls files is no longer possible due to possible security problems. This may also affect other old file extensions. Converting .xls to .xlsx is a workaround.

This warning is shown after uploading:

503
Oops, an error occurred!
Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks

Exception in BE log: Core: Exception handler (WEB): Uncaught TYPO3 Exception: Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks | PhpOffice\PhpSpreadsheet\Reader\Exception thrown in file /var/www/vhosts/REMOVED/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Reader/Security/XmlScanner.php in line 151. Requested URL: https://REMOVED/typo3/module/web/xlsimport?token=--AnonymizedToken--&action=upload&id=17342

Possible solution: Remove .xls from the allowed file extensions and update the import info to modern file extensions above the import form in the backend module.

OS: Debian Server: Apache TYPO3: 11.5.36 PHP: 8.1.27 Composer: yes

[calien666]

Thank you for the hint, I will take care about this and will remove the legacy xls support asap.