You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@xalan.apache.org by "Felix Knecht (Jira)" <ji...@apache.org> on 2022/09/08 08:33:00 UTC

[jira] [Commented] (XALANJ-2637) Xalan 2.7.2 Vulnerability

    [ https://issues.apache.org/jira/browse/XALANJ-2637?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17601711#comment-17601711 ] 

Felix Knecht commented on XALANJ-2637:
--------------------------------------

I think this is about [CVE-2022-34169|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34169]

[~vicfromhell] : Also see the dev discussion here: [https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8]

[~ggregory] : It would be great to see a 2.7.2.1 with this fix included on maven central. I also saw that OpenJDK seems to package a fixed version of xalan so I would not need to package it myself? Is there a list of JDKs that package xalan?

> Xalan 2.7.2 Vulnerability
> -------------------------
>
>                 Key: XALANJ-2637
>                 URL: https://issues.apache.org/jira/browse/XALANJ-2637
>             Project: XalanJ2
>          Issue Type: Bug
>      Security Level: No security risk; visible to anyone(Ordinary problems in Xalan projects.  Anybody can view the issue.) 
>          Components: Xalan
>    Affects Versions: 2.7.2
>            Reporter: vick
>            Assignee: Gary D. Gregory
>            Priority: Major
>             Fix For: 2.7.2
>
>
> I need to remove the vulnerability detected for the Apache Xalan library, version 2.7.2, so the application will be free of this vulnerability



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@xalan.apache.org
For additional commands, e-mail: dev-help@xalan.apache.org