External entity expansion in Apache POI
Unknown
Vulnerability Details
Hi,
I found and reported XXE in greenhouse.io and it turns out it is XXE in Apache POI :)
This vulnerability allows me to read system files and do other dangerous stuff.
They reported it to Apache POI and they fixed it:
http://mail-archives.apache.org/mod_mbox/www-announce/201408.mbox/%3C003401cfbb3b%24a48ef2d0%24edacd870%24%40apache.org%3E
They told me it affects thousands of websites and services around the world, and the advisory does not include my name and can't be updated :(
Please read my report:
https://hackerone.com/reports/19958
Thanks
Best regards
Report Stats
- Report ID: 25537
- State: Closed
- Substate: resolved
- Upvotes: 2
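
A service that hands uploaded documents to a parser such as Apache POI can pre-screen them before parsing; the following is an added example, not code from the report or from Apache POI. It assumes the uploads are zip-based office documents whose XML parts never need a DOCTYPE (the report does not state the file format), and `check_part`, `scan_container`, `make_container` and `MAX_PART_BYTES` are hypothetical names; it complements running the fixed POI release and does not replace it.

```python
import io
import zipfile
import xml.parsers.expat

MAX_PART_BYTES = 5 * 1024 * 1024  # assumed per-part size cap, tune for your service

class DoctypeFound(Exception):
    """Raised inside the expat callback to stop at the first DOCTYPE."""

def check_part(data):
    """Return None for a clean XML part, else the reason to reject it."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DoctypeFound(name)  # abort before any entity is declared or expanded

    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)  # expat decodes the part, unlike a byte-level regex
    except DoctypeFound:
        return "doctype"
    except xml.parsers.expat.ExpatError:
        return "malformed"
    return None

def scan_container(blob):
    """Map each rejected XML part of a zip-based document to its reason."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith((".xml", ".rels")):
                continue
            oversized = info.file_size > MAX_PART_BYTES
            reason = "oversized" if oversized else check_part(zf.read(info))
            if reason:
                findings[info.filename] = reason
    return findings

def make_container(parts):
    """Build a constructed sample container in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: the DOCTYPE below declares only a harmless internal entity.
CLEAN = make_container({"word/document.xml": b"<?xml version='1.0'?><doc>hi</doc>"})
SUSPECT = make_container({
    "[Content_Types].xml": b"<?xml version='1.0'?><Types/>",
    "word/document.xml": b"<?xml version='1.0'?><!DOCTYPE doc [<!ENTITY e 'x'>]><doc>&e;</doc>",
})
```

Reject the upload when `scan_container` returns a non-empty mapping, and log the part name and reason so that repeated attempts can be spotted.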