XmlConfigurator: do longer allow dtd processing across all platforms (LOG4NET-575)

This patch fixes a security vulnerabiliy reported by Karthik Balasundaram. The security
vulnerability was found in the way how log4net parses xml configuration files where it
allowed to process XML External Entity Processing. An attacker could use this as an
attack vector if he could modify the XML configuration file.

Author: dpsenner

src/log4net/Config/XmlConfigurator.cs

@@ -721,10 +721,10 @@ static private void InternalConfigure(ILoggerRepository repository, Stream confi
                                         // is obsolete: 'Use XmlReaderSettings.DtdProcessing property instead.'
 #if NETSTANDARD1_3 // TODO DtdProcessing.Parse not yet available (https://github.com/dotnet/corefx/issues/4376)
 					settings.DtdProcessing = DtdProcessing.Ignore;
-#elif !NET_4_0 && !MONO_4_0 && !NETSTANDARD2_0
-					settings.ProhibitDtd = false;
+#elif !NET_4_0 && !MONO_4_0
+					settings.ProhibitDtd = true;
 #else
-					settings.DtdProcessing = DtdProcessing.Parse;
+					settings.DtdProcessing = DtdProcessing.Ignore;
 #endif
 
 					// Create a reader over the input stream