diff --git a/apps/routerconsole/java/src/net/i2p/router/update/NewsFetcher.java b/apps/routerconsole/java/src/net/i2p/router/update/NewsFetcher.java
index 39b42d105..3791ff89f 100644
--- a/apps/routerconsole/java/src/net/i2p/router/update/NewsFetcher.java
+++ b/apps/routerconsole/java/src/net/i2p/router/update/NewsFetcher.java
@@ -1,5 +1,6 @@
 package net.i2p.router.update;
 
+import java.io.ByteArrayInputStream;
 import java.io.BufferedWriter;
 import java.io.File;
 import java.io.FileInputStream;
@@ -10,6 +11,7 @@ import java.io.OutputStreamWriter;
 import java.io.Writer;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.security.GeneralSecurityException;
 import java.text.DateFormat;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -21,6 +23,7 @@ import java.util.Map;
 import java.util.StringTokenizer;
 
 import net.i2p.app.ClientAppManager;
+import net.i2p.crypto.CertUtil;
 import net.i2p.crypto.SU3File;
 import net.i2p.crypto.TrustedUpdate;
 import net.i2p.data.Base64;
@@ -585,8 +588,13 @@ class NewsFetcher extends UpdateRunner {
                 continue;
             OutputStream out = null;
             try {
+                byte[] data = DataHelper.getUTF8(e.data);
+                // test for validity
+                CertUtil.loadCRL(new ByteArrayInputStream(data));
                 out = new SecureFileOutputStream(f);
-                out.write(DataHelper.getUTF8(e.data));
+                out.write(data);
+            } catch (GeneralSecurityException gse) {
+                _log.error("Bad CRL", gse);
             } catch (IOException ioe) {
                 _log.error("Failed to write CRL", ioe);
             } finally {
diff --git a/core/java/src/net/i2p/crypto/CertUtil.java b/core/java/src/net/i2p/crypto/CertUtil.java
index ae6667c8b..04a6c04bd 100644
--- a/core/java/src/net/i2p/crypto/CertUtil.java
+++ b/core/java/src/net/i2p/crypto/CertUtil.java
@@ -515,9 +515,9 @@ public final class CertUtil {
      *  Load a CRL. Does NOT Close the stream.
      *
      *  @return non-null
-     *  @since 0.9.25
+     *  @since 0.9.25 public since 0.9.26
      */
-    private static X509CRL loadCRL(InputStream in) throws GeneralSecurityException {
+    public static X509CRL loadCRL(InputStream in) throws GeneralSecurityException {
         CertificateFactory cf = CertificateFactory.getInstance("X.509");
         return (X509CRL) cf.generateCRL(in);
     }
diff --git a/history.txt b/history.txt
index 3d00a3ae0..6deb67428 100644
--- a/history.txt
+++ b/history.txt
@@ -1,3 +1,6 @@
+2016-04-28 zzz
+ * News: Parse and store CRLs in news feed
+
 2016-04-28 zzz
 Prop from i2p.i2p.zzz.gmp6-prop:
  * CPUID:
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index c10128fe6..fecba78d6 100644
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -18,7 +18,7 @@ public class RouterVersion {
     /** deprecated */
     public final static String ID = "Monotone";
     public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 6;
+    public final static long BUILD = 7;
 
     /** for example "-test" */
     public final static String EXTRA = "";