2020-07-15

Performance improvement and resolved security vulnerability

Performance improvement

We've made some changes to the Cloud version of XSD Viewer. Attachments are now streamed to the image / table generation component, which has greatly improved performance.

Resolved security vulnerability

Through our participation in the Marketplace Security Bug Bounty program, the following security vulnerability was discovered:

Previous versions of XSD Viewer were vulnerable to XML External Entity (XXE) injection via Document Type Definition (DTD), which allows SSRF and Local File Inclusion. The discovered vulnerability gives an attacker read access to internal HTTP endpoints, as well as to all files on the filesystem.

In the latest version of XSD Viewer, this vulnerability has been resolved by disallowing any DTD in the XSD parsing engine. We have resolved this vulnerability since security is our top priority.
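
The mitigation described above, refusing any document that carries a DTD, shown in Python as an added example. It is not XSD Viewer's code, and this page does not say which parser the product uses. The function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DTDForbidden(ValueError):
    """Raised when a document carries a DOCTYPE declaration."""


def _forbid_doctype(name, system_id, public_id, has_internal_subset):
    # Fires as soon as the parser reaches "<!DOCTYPE", before any entity
    # declared in the DTD can be defined or expanded.
    raise DTDForbidden(f"DOCTYPE {name!r} rejected (system_id={system_id!r})")


def parse_schema_without_dtd(data: bytes) -> ET.Element:
    """Parse an XSD document, refusing any input that contains a DTD."""
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _forbid_doctype
    guard.Parse(data, True)      # raises DTDForbidden or expat.ExpatError
    return ET.fromstring(data)   # reached only for DTD-free, well-formed XML


def is_accepted(data: bytes) -> bool:
    """True if the document parses, False if it was rejected for its DTD."""
    try:
        parse_schema_without_dtd(data)
        return True
    except DTDForbidden:
        return False


# Constructed sample inputs (not taken from the product or the report).
CLEAN_XSD = b"""<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="order" type="xs:string"/>
</xs:schema>"""

XSD_WITH_DTD = b"""<?xml version="1.0"?>
<!DOCTYPE schema [
  <!ENTITY ext SYSTEM "file:///constructed/placeholder.txt">
]>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:annotation><xs:documentation>&ext;</xs:documentation></xs:annotation>
  <xs:element name="order" type="xs:string"/>
</xs:schema>"""
```

Rejecting the DOCTYPE outright, rather than only disabling external entity resolution, also covers DTDs that reference an external subset without declaring any entity inline.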

Do you have any questions regarding this release? Please contact our Support Desk.
