You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2016/02/17 18:29:41 UTC
svn commit: r1730882 - in /ofbiz/trunk: framework/base/lib/
specialpurpose/cmssite/template/docbook/extensions/
Author: jleroux
Date: Wed Feb 17 17:29:40 2016
New Revision: 1730882
URL: http://svn.apache.org/viewvc?rev=1730882&view=rev
Log:
In framework/base/lib/ updates Xalan from 2.7.1 to 2.7.2 because of CVE-2014-0107 (was fixed at XALANJ-2435) - https://issues.apache.org/jira/browse/OFBIZ-6905
This implies to update also Xerces from 2.9.1 to 2.11.0 and also xml-apis from 2.9.1 to 1.4.01 (2.9.1 was a wrong version number. It was actually part of the Xerces 2.9.1 package but I was unable to find the real version number then at https://xerces.apache.org/xerces2-j/releases.html)
Also updates Xalan from 27(?) to 2.7.2 in cmssite/template/docbook/extensions. I rendered https://localhost:8443/cmssite/cms/APACHE_OFBIZ_HTML w/o issues
Note: According to the DOM Level 3 specification and DOM Level 2 errata the createElementNS and createAttributeNS methods convert empty string namespaceURI to null.
jleroux: though the tests pass I'm not sure all is covered...
Added:
ofbiz/trunk/framework/base/lib/xalan-2.7.2.jar (with props)
ofbiz/trunk/framework/base/lib/xercesImpl-2.11.0.jar (with props)
ofbiz/trunk/framework/base/lib/xml-apis-1.4.01.jar (with props)
ofbiz/trunk/specialpurpose/cmssite/template/docbook/extensions/xalan-2.7.2.jar (with props)
Removed:
ofbiz/trunk/framework/base/lib/xalan-2.7.1.jar
ofbiz/trunk/framework/base/lib/xercesImpl-2.9.1.jar
ofbiz/trunk/framework/base/lib/xml-apis-2.9.1.jar
ofbiz/trunk/specialpurpose/cmssite/template/docbook/extensions/xalan27.jar
Added: ofbiz/trunk/framework/base/lib/xalan-2.7.2.jar
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/lib/xalan-2.7.2.jar?rev=1730882&view=auto
==============================================================================
Binary file - no diff available.
Propchange: ofbiz/trunk/framework/base/lib/xalan-2.7.2.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: ofbiz/trunk/framework/base/lib/xercesImpl-2.11.0.jar
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/lib/xercesImpl-2.11.0.jar?rev=1730882&view=auto
==============================================================================
Binary file - no diff available.
Propchange: ofbiz/trunk/framework/base/lib/xercesImpl-2.11.0.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: ofbiz/trunk/framework/base/lib/xml-apis-1.4.01.jar
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/lib/xml-apis-1.4.01.jar?rev=1730882&view=auto
==============================================================================
Binary file - no diff available.
Propchange: ofbiz/trunk/framework/base/lib/xml-apis-1.4.01.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: ofbiz/trunk/specialpurpose/cmssite/template/docbook/extensions/xalan-2.7.2.jar
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/cmssite/template/docbook/extensions/xalan-2.7.2.jar?rev=1730882&view=auto
==============================================================================
Binary file - no diff available.
Propchange: ofbiz/trunk/specialpurpose/cmssite/template/docbook/extensions/xalan-2.7.2.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream