Xero Security Filter


Update 13-August-2018

We have now rolled out a update to all processing servers to resolve this issue.


Xero has recently rolled out a security upgrade that is affecting some of our customers’ ability to sync invoices.

How can this affect you?

Any words inside your billing items that Xero considers as a 'threat' to the their platform will cause the entire invoice to be rejected.

The outcome appears as an invoice sync error on our end. With the description The ';' character, hexadecimal value 0x3B, cannot be included in a name. Line 7, position 293 

What’s changed?

Xero are now doing deep packet inspection on all API requests before they are passed over to the Xero API for processing. The inspection layer is looking for words like “cmd.exe” “system32” etc.

What is Cloud Depot doing?

We will shortly be rolling out a filtering system on all billing items looking for such words, if we find them we will replace it with '[retracted]'. Xero unfortunately doesn't provide a list of words so we will build up our dictionary of words overtime as we find them.

In the interim if you find one of your invoices has been affected by this issue, please contact our support team and we will sync it manually for you.