Check for XML XXE/XEE Vulnerabilities
Check that VaultWiki 4 is not vulnerable to XXE and XEE attacks. While VaultWiki only uses XML for responses from whitelisted sites (e.g. PayPal) and for upgrade XML files, should VaultWiki implement an RSS importer in the future (technically it's a regression of a VaultWiki 3 feature), then this possibile vulnerability needs to first be addressed.