You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@xerces.apache.org by mu...@apache.org on 2018/10/04 06:13:25 UTC

svn commit: r1842774 - in /xerces/java: branches/xml-schema-1.1-dev/docs/releases.xml trunk/docs/releases.xml

Author: mukulg
Date: Thu Oct  4 06:13:25 2018
New Revision: 1842774

URL: http://svn.apache.org/viewvc?rev=1842774&view=rev
Log:
minor changes to release notes, for XercesJ2 2.12.0 release

Modified:
    xerces/java/branches/xml-schema-1.1-dev/docs/releases.xml
    xerces/java/trunk/docs/releases.xml

Modified: xerces/java/branches/xml-schema-1.1-dev/docs/releases.xml
URL: http://svn.apache.org/viewvc/xerces/java/branches/xml-schema-1.1-dev/docs/releases.xml?rev=1842774&r1=1842773&r2=1842774&view=diff
==============================================================================
--- xerces/java/branches/xml-schema-1.1-dev/docs/releases.xml (original)
+++ xerces/java/branches/xml-schema-1.1-dev/docs/releases.xml Thu Oct  4 06:13:25 2018
@@ -65,6 +65,14 @@
        </fix>
        <fix>
      	<note>
+      		Fixed possible security issue: an implementation of the NamedNodeMapImpl class in the JAXP component did not 
+      		limit the amount of memory allocated when creating object instance from a serialized form. A specially-crafted 
+      		input could cause a java application to use an excessive amount of memory when deserialized.
+     	</note>
+     	<submitter name='David Dillard, Michael Glavassevich, Mukul Gandhi'/>
+       </fix>
+       <fix>
+     	<note>
       		Implemented minor and major fixes in certain areas, to XML Schema 1.0 and 1.1 implementations.
      	</note>
      	<submitter name='Michael Glavassevich, Khaled Noaman, Sandy Gao, Mukul Gandhi'/>

Modified: xerces/java/trunk/docs/releases.xml
URL: http://svn.apache.org/viewvc/xerces/java/trunk/docs/releases.xml?rev=1842774&r1=1842773&r2=1842774&view=diff
==============================================================================
--- xerces/java/trunk/docs/releases.xml (original)
+++ xerces/java/trunk/docs/releases.xml Thu Oct  4 06:13:25 2018
@@ -65,6 +65,14 @@
        </fix>
        <fix>
      	<note>
+      		Fixed possible security issue: an implementation of the NamedNodeMapImpl class in the JAXP component did not 
+      		limit the amount of memory allocated when creating object instance from a serialized form. A specially-crafted 
+      		input could cause a java application to use an excessive amount of memory when deserialized.
+     	</note>
+     	<submitter name='David Dillard, Michael Glavassevich, Mukul Gandhi'/>
+       </fix>
+       <fix>
+     	<note>
       		Implemented minor and major fixes in certain areas, to XML Schema 1.0 and 1.1 implementations.
      	</note>
      	<submitter name='Michael Glavassevich, Khaled Noaman, Sandy Gao, Mukul Gandhi'/>



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@xerces.apache.org
For additional commands, e-mail: commits-help@xerces.apache.org