You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@poi.apache.org by us...@apache.org on 2014/08/18 19:00:23 UTC

svn commit: r6192 - /release/poi/release/RELEASE-NOTES.txt

Author: uschindler
Date: Mon Aug 18 17:00:23 2014
New Revision: 6192

Log:
Add note about older XERCES versions to release notes

Modified:
    release/poi/release/RELEASE-NOTES.txt

Modified: release/poi/release/RELEASE-NOTES.txt
==============================================================================
--- release/poi/release/RELEASE-NOTES.txt (original)
+++ release/poi/release/RELEASE-NOTES.txt Mon Aug 18 17:00:23 2014
@@ -18,7 +18,9 @@ This release is a bugfix release to fix 
 
 Please note: You should use xmlbeans-2.6.jar (as shipped with this release)
 instead of the xmlbeans-2.3.jar version from the 3.10-FINAL release to work
-around CVE-2014-3574.
+around CVE-2014-3574. If you have an alternate XML parser like Apache Xerces
+in classpath, be sure to use a recent version! Older versions are likely to
+break on setting required security features.
 
 A full list of changes is available in the change log: http://poi.apache.org/changes.html. 
 People interested should also follow the dev mailing list to track further progress.



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org