From 9662abd94de8e46bf392d64b12e9e49b670c8ddc Mon Sep 17 00:00:00 2001
From: tillcash
Date: Sat, 13 Sep 2025 17:35:27 +0530
Subject: [PATCH] [InvestorsObserverBridge] add `LIBXML_NONET` to prevent XXE (#4724)
---
 bridges/InvestorsObserverBridge.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bridges/InvestorsObserverBridge.php b/bridges/InvestorsObserverBridge.php
index a09fb057..bd92fa4b 100644
--- a/bridges/InvestorsObserverBridge.php
+++ b/bridges/InvestorsObserverBridge.php
@@ -19,7 +19,7 @@ class InvestorsObserverBridge extends BridgeAbstract
 throwServerException('Unable to retrieve sitemap');
 }
- $sitemap = simplexml_load_string($sitemapXml, null, LIBXML_NOCDATA);
+ $sitemap = simplexml_load_string($sitemapXml, null, LIBXML_NOCDATA | LIBXML_NONET);
 if (!$sitemap) {
 throwServerException('Unable to parse sitemap');
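Review bot: `LIBXML_NONET` on the new `simplexml_load_string()` call only stops libxml from fetching network resources while parsing; it does not by itself limit entities that point at local files, so "prevent XXE" in the subject overstates what the flag does. What keeps entity substitution off here is that neither `LIBXML_NOENT` nor `LIBXML_DTDLOAD` is passed, together with the libxml2 defaults. That is worth pinning down for the next editor with a comment above the call, such as `// Sitemap is fetched content: keep LIBXML_NONET, never add LIBXML_NOENT or LIBXML_DTDLOAD.`. That the XML comes from a remote fetch is inferred from the 'Unable to retrieve sitemap' message, and the enclosing method starts and ends outside the hunk.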