You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fop-users@xmlgraphics.apache.org by Lars Teuber <te...@aspera.com> on 2015/11/09 16:19:51 UTC

Update of fop

Hi,

There is a security issue in Xalan < 2.7.2, see:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0107

Are there plans to update fop to the new version or is it possible /
recommended to just update the jar file?

Best regards
Lars

---------------------------------------------------------------------
To unsubscribe, e-mail: fop-users-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: fop-users-help@xmlgraphics.apache.org

Re: Update of fop

Posted by Chris Bowditch <bo...@hotmail.com>.

Hi Lars,

Please log a JIRA to update the Xalan version shipped with FOP. Its not 
a difficult change, but let's add it to the list so its not forgotten.

In the meantime, changing the JAR file manually in the lib folder is a 
simple enough workaround

Thanks,

Chris

On 09/11/2015 15:19, Lars Teuber wrote:
> Hi,
>
> There is a security issue in Xalan < 2.7.2, see:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0107
>
> Are there plans to update fop to the new version or is it possible /
> recommended to just update the jar file?
>
> Best regards
> Lars
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: fop-users-unsubscribe@xmlgraphics.apache.org
> For additional commands, e-mail: fop-users-help@xmlgraphics.apache.org
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: fop-users-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: fop-users-help@xmlgraphics.apache.org