You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Claus Ibsen (Jira)" <ji...@apache.org> on 2022/08/04 08:46:00 UTC
[jira] [Commented] (CAMEL-18346) Remove use of Xalan
[ https://issues.apache.org/jira/browse/CAMEL-18346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17575127#comment-17575127 ]
Claus Ibsen commented on CAMEL-18346:
-------------------------------------
That is a profile that is never used, but allow to test with xalan. We test with woodstock by default as you can see further below.
> Remove use of Xalan
> -------------------
>
> Key: CAMEL-18346
> URL: https://issues.apache.org/jira/browse/CAMEL-18346
> Project: Camel
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
>
> Xalan-J has an unfixed CVE. It is possible that this will be fixed in the future but Xalan-J has had only one release since 2008 (in 2014).
> https://www.cvedetails.com/cve/CVE-2022-34169/
> Java has built-in support for TransformerFactory and XPathFactory. This means most apps that use Xalan-J can readily switch away. Saxon-HE is another well maintained alternative.
> One place where Camel still uses Xalan:
> https://github.com/apache/camel/blob/main/core/camel-core-engine/pom.xml#L325
--
This message was sent by Atlassian Jira
(v8.20.10#820010)