Release Update KB0396033
CPL-9465: There was a security vulnerability with RSS feeds that include DTDs
Fix ID: CPL-9465

The RSS feed in the News content item on the dashboard was open to XML external entity (XXE) attacks.

Now, a feed that contains an XXE attack is treated as an invalid RSS feed.

This added protection means the RSS feed no longer allows doctype declarations (DTDs). If you're using an RSS feed that includes a DTD, users will see a message saying the feed is invalid.

Action required

Be aware of the new restriction against DTDs in RSS feeds. Make any changes necessary so the News content item includes only valid feeds.
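One way to find affected feeds before users see the invalid-feed message is to check each feed document for a DOCTYPE declaration. The following is an added example, not code from the product or this release note; `check_feed`, `DoctypeForbidden` and the sample feeds are constructed for illustration, and the check assumes only the behavior described above (any DOCTYPE makes the feed invalid).

```python
import xml.parsers.expat

# Constructed sample feeds (not taken from the release note).
CLEAN = (b'<?xml version="1.0" encoding="UTF-8"?>'
         b'<rss version="2.0"><channel><title>News</title></channel></rss>')
# Legacy RSS 0.91 feeds commonly carry this public DOCTYPE.
RSS_091 = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE rss PUBLIC "-//Netscape Communications//DTD RSS 0.91//EN" '
           b'"http://my.netscape.com/publish/formats/rss-0.91.dtd">'
           b'<rss version="0.91"><channel><title>News</title></channel></rss>')
# A DOCTYPE with only an internal subset is still a DTD.
INTERNAL = (b'<!DOCTYPE rss [<!ENTITY org "Example Corp">]>'
            b'<rss version="2.0"><channel><title>&org;</title></channel></rss>')


class DoctypeForbidden(ValueError):
    """Raised from the DOCTYPE handler to stop parsing immediately."""


def check_feed(xml_bytes: bytes) -> str:
    """Return 'ok', 'dtd' (feed has a DOCTYPE) or 'malformed'.

    Parsing is aborted as soon as the DOCTYPE is announced, so nothing
    declared inside the DTD is expanded and no external DTD is fetched.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DoctypeForbidden(f"DOCTYPE {name!r}, system id {system_id!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(xml_bytes, True)
    except DoctypeForbidden:
        return "dtd"
    except xml.parsers.expat.ExpatError:
        return "malformed"
    return "ok"


if __name__ == "__main__":
    for label, feed in (("clean", CLEAN), ("rss 0.91", RSS_091), ("internal", INTERNAL)):
        print(f"{label}: {check_feed(feed)}")
```

A result of `dtd` means the feed publisher needs to remove the DOCTYPE line, or the News content item needs to point at a feed without one.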


Applies To

Catalog Management
Invoicing
Purchasing
Supplier Information & Performance Management
