Index: log4net/src/Config/XmlConfigurator.cs
===================================================================
--- log4net.orig/src/Config/XmlConfigurator.cs	2021-01-12 22:29:30.179694992 +0800
+++ log4net/src/Config/XmlConfigurator.cs	2021-03-20 18:58:23.968174809 +0800
@@ -619,9 +619,9 @@
 					// Create a text reader for the file stream
 					XmlTextReader xmlReader = new XmlTextReader(configStream);
 #elif NET_2_0
-					// Allow the DTD to specify entity includes
 					XmlReaderSettings settings = new XmlReaderSettings();
-					settings.ProhibitDtd = false;
+					// don't allow the DTD to specify entity includes
+					settings.ProhibitDtd = true;
 
 					// Create a reader over the input stream
 					XmlReader xmlReader = XmlReader.Create(configStream, settings);
