You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@xalan.apache.org by "Felix Knecht (Jira)" <ji...@apache.org> on 2022/09/08 08:33:00 UTC
[jira] [Commented] (XALANJ-2637) Xalan 2.7.2 Vulnerability
[ https://issues.apache.org/jira/browse/XALANJ-2637?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17601711#comment-17601711 ]
Felix Knecht commented on XALANJ-2637:
--------------------------------------
I think this is about [CVE-2022-34169|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34169]
[~vicfromhell] : Also see the dev discussion here: [https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8]
[~ggregory] : It would be great to see a 2.7.2.1 with this fix included on maven central. I also saw that OpenJDK seems to package a fixed version of xalan so I would not need to package it myself? Is there a list of JDKs that package xalan?
> Xalan 2.7.2 Vulnerability
> -------------------------
>
> Key: XALANJ-2637
> URL: https://issues.apache.org/jira/browse/XALANJ-2637
> Project: XalanJ2
> Issue Type: Bug
> Security Level: No security risk; visible to anyone(Ordinary problems in Xalan projects. Anybody can view the issue.)
> Components: Xalan
> Affects Versions: 2.7.2
> Reporter: vick
> Assignee: Gary D. Gregory
> Priority: Major
> Fix For: 2.7.2
>
>
> I need to remove the vulnerability detected for the Apache Xalan library, version 2.7.2, so the application will be free of this vulnerability
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@xalan.apache.org
For additional commands, e-mail: dev-help@xalan.apache.org