http://www.ws-attacks.org/XML_Entity_Expansion states

If you are sure that your web service framework implements the SOAP 1.2 standard correctly you are not vulnerable to any of these attacks. In case you are not sure, the easiest and most forward way is to manually check prior to parsing whether or not an opening DTD Tag is existent. If that is the case just discard the message.

Therefore, I would not be surprised if there were no plans to write a fix that would normally be implemented by another layer. I appreciate that this doesn't really answer your question, although it might suggest a workaround, and I'm only guessing about plans for the module.

Regards,

John Davies