Posted to c-dev@xerces.apache.org by "Cantor, Scott" <ca...@osu.edu> on 2019/12/16 12:56:20 UTC

Public disclosure of unfixed security issue

FYI to committers not on the PMC list,

After a discussion, there was a consensus vote to respond to a concern raised by the Apache security team by publicly disclosing and documenting a vulnerability in Xerces-C that was reported last year and has remained unfixed due to a lack of resources willing/able to work on a fix, to this point at least.

The PMC agreed, so I volunteered to get it documented in the advisories section of the web site this week and will try and get that done today.

-- Scott