As a step to increase security, we have decided to disallow the use of external schemas for XML in Ultra and Web Services. This can potentially break configurations when upgrading, but it should also be trivial to fix.
We recommend removing references to external DTD files, external stylesheets and external schemas. Not all of these will break existing configurations, however; breakage is isolated to references to external DTD files.
Ultra
The following uses the example in /wiki/spaces/MD82/pages/3781736 with a slight modification:
xml_schema {
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE note SYSTEM "note.dtd">
<schema xmlns = "http://www.w3.org/2001/XMLSchema">
  <element name="TRANSACTION_LOG">
    <complexType>
      <sequence>
        <element ref="TRANSACTION" maxOccurs="unbounded"/>
      </sequence>
    </complexType>
  </element>
  <element name="TRANSACTION">
    <complexType>
      <attribute name="TXID" type="string" use="required"/>
      <sequence>
        <element name="USER" type="string" minOccurs="1" maxOccurs="1"/>
        <element name="IP" type="string" minOccurs="1" maxOccurs="1"/>
        <element name="ITEM" type="string" minOccurs="1" maxOccurs="1"/>
        <element name="VALUE" type="long" minOccurs="1" maxOccurs="1"/>
        <element name="TIMESTAMP" type="dateTime" minOccurs="1" maxOccurs="1"/>
        <element name="CURRENCY" type="string" minOccurs="1" maxOccurs="1"/>
        <element name="MISC" type="string" minOccurs="0" maxOccurs="unbounded"/>
      </sequence>
    </complexType>
  </element>
</schema>
};
The example above would not work as written. The required change is to remove the following line:
<!DOCTYPE note SYSTEM "note.dtd">
When validating the XML schema we do not validate against the DTD, so removing the line does not change functionality.
Web Services
There is no difference between Web Services and Ultra in how these changes have been implemented, so, as above, there might be compatibility issues when upgrading. Please refer to the reference types we recommend removing above when troubleshooting your WSDL files.
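A pre-upgrade check for the reference types listed above, as an added example that is not part of the original page or the product: it scans Ultra or WSDL text for external DTD, stylesheet and schema references and marks the DTD references as the only kind that breaks a configuration. The function names, the sample input and the treatment of schemaLocation attributes as "external schemas" are assumptions.

```python
import re

# Reference kinds the page recommends removing; per the page, only external
# DTD references break an existing configuration on upgrade.
PATTERNS = [
    # <!DOCTYPE name SYSTEM "..."> or PUBLIC "..." "...": external DTD
    ("external-dtd", True,
     re.compile(r'<!DOCTYPE\s+[^\s>\[]+\s+(?:SYSTEM|PUBLIC)\b[^>\[]*>?')),
    # <?xml-stylesheet ... href="..."?> processing instruction
    ("external-stylesheet", False,
     re.compile(r'<\?xml-stylesheet\b.*?\?>', re.DOTALL)),
    # Assumption: schemaLocation-style attributes are the "external schemas"
    ("external-schema", False,
     re.compile(r'\b(?:[\w.-]+:)?(?:noNamespaceSchemaLocation|schemaLocation)'
                r'\s*=\s*(["\']).*?\1', re.DOTALL)),
]

def find_external_refs(text):
    """Return sorted (line, kind, breaks_on_upgrade, snippet) tuples."""
    findings = []
    for kind, breaks, pattern in PATTERNS:
        for m in pattern.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            snippet = " ".join(m.group(0).split())
            findings.append((line, kind, breaks, snippet))
    return sorted(findings)

def upgrade_blockers(text):
    """Only the findings that the page says break a configuration."""
    return [f for f in find_external_refs(text) if f[2]]

# Constructed sample: an Ultra-style xml_schema block with a WSDL-style import.
SAMPLE = '''xml_schema {
<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" href="log.xsl"?>
<!DOCTYPE note SYSTEM "note.dtd">
<schema xmlns="http://www.w3.org/2001/XMLSchema">
  <import namespace="urn:example:types" schemaLocation="types.xsd"/>
  <element name="TRANSACTION_LOG" type="string"/>
</schema>
};'''

if __name__ == "__main__":
    for line, kind, breaks, snippet in find_external_refs(SAMPLE):
        action = "BREAKS UPGRADE" if breaks else "recommended removal"
        print(f"line {line}: {kind:20} {action:20} {snippet}")
```

The xmlns namespace URI is not reported, since it is an identifier rather than a file the parser fetches, and a DOCTYPE that carries only an internal subset is not reported either.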