This was done to protect the Gateway against DTD Entity Expansion Attacks. From a technical perspective, the XML parser will not allow DOCTYPE declarations. When the parser encounters a message containing a DOCTYPE, it terminates parsing without expanding the entity or entities. The CA API Gateway then logs and audits a warning that a message was badly formed. This allows administrators to monitor potential intrusion attempts, while keeping the protected services safe.