home

Zuora Platform

Zuora BillingZuora PaymentsZuora PlatformZuora CPQZephrZuora RevenueAccounts ReceivableRelease NotesBasicsEntitlementsSupport and policies
Zuora BillingZuora PaymentsZuora PlatformZuora CPQZephrZuora RevenueAccounts ReceivableRelease NotesBasicsEntitlementsSupport and policies

Welcome to Zuora Product Documentation

Explore our rich library of product information

Show Contents

thumbnailZuora Platform

Configure CSV injection protection for attachments

Default behavior for CSV injection protection

The default CSV injection setting is Allow for existing tenants and entities, and Block for new ones, enhancing protection against CSV injection attacks.

  • For existing tenants and entities, the CSV injection setting is set to Allow by default. There is no change in behavior unless an administrator updates the setting.

  • For newly created tenants and entities, the CSV injection setting is set to Block by default to provide stronger protection against CSV injection attacks.

Last updated: February 9, 2026