Move/Copy/Promote operations were vulnerable to XML External Entity (XXE) attack if some of the XML files involved contained malicious code. (CTR-1895)
With this fix, malicious files are rejected by the XML parser and the Move/Copy/Promote operation is stopped.