You are viewing a plain text version of this content. The canonical link for it is here.
Posted to j-dev@xerces.apache.org by Michael Glavassevich <mr...@ca.ibm.com> on 2004/02/20 23:34:00 UTC
[ANNOUNCEMENT]: Xerces-J 2.6.2 now available
Hi everyone,
The Xerces-J team is pleased to announce that version 2.6.2 of Xerces-J is
now available.
As well as containing a few performance improvements and several minor bug
fixes, this release fixes several bugs which a number of users encountered
with version 2.6.1. This release requires JDK 1.2 or later to run and also
requires JDK 1.2 or later to build the source code.
It was decided soon after the 2.6.1 release [1] that Xerces-J and Xalan-J
will be moving towards a common base for serialization code. As a first
step in this effort the HTML and XHTML serializers
(org.apache.xml.serialize) have been deprecated. Alternative
serialization methods are described in the Xerces-J documentation [2].
Specifically, the significant changes introduced in this release are:
* Fixed a bug in the specification of the XML Schema API. Some of the
method signatures did not match the signatures in the implementation.
[Elena Litani]
* Fixed a bug introduced in 2.6.1 which caused the XMLSerializer to
automatically expand entity references and convert CDATA sections to text.
[Elena Litani]
* Fixed a possible security hole regarding class loading. [Neeraj Bajaj]
* Improved class initialization for the XMLChar and XML11Char classes to
reduce the cost of loading Xerces. [Michael Glavassevich]
* Fixed a SAX conformance bug involving spurious prefix mapping events
with namespace support turned off. [Michael Glavassevich]
* Made message localization changes. [Neil Delima, Michael Glavassevich]
* Fixed schema related bugs. [Sandy Gao]
* Fixed various bugs. [Curt Arnold, Michael Glavassevich, Kohsuke
Kawaguchi, Naela Nissar]
[1] http://marc.theaimsgroup.com/?l=xalan-dev&m=107593381313807&w=2
[2] http://xml.apache.org/xerces2-j/faq-general.html#faq-5
Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: mrglavas@ca.ibm.com
E-mail: mrglavas@apache.org
Re: [ANNOUNCEMENT]: Xerces-J 2.6.2 now available
Posted by Mikko Honkala <ho...@tml.hut.fi>.
Hello,
I understand that the release was not planned, but I also find it
strange that move from JDK 1.1 -> JDK 1.2 happens in a X.X.2 release,
which should be mainly a maintenance or bug fix release. This is a large
architectural change for many projects, including ours, X-Smiles.
There are many java environments, where a validating parser is needed,
which do not support JDK 1.2; MHP, Kaffe, some applet environments, etc.
-mikko
Michael Glavassevich wrote:
>2.6.2 was not a planned release. Some of the bugs including the
>Schema API discrepancy discovered after 2.6.1 and the switch over to the
>2.0 Apache License on March 1st (which I'm sure we'd rather pickup in
>the next release) motivated this quick follow-up release to
>2.6.1.
>
>The changes which required Java 1.2 were made before the decision
>to have this release. They were made for performance improvements, for
>instance swapping synchronized Vectors for unsynchronized ArrayLists
>where we don't need thread safety. I won't get into the details about the
>security bug but it cannot be exploited by JDK 1.1. JDK 1.1 users were
>not vulnerable.
>
>On Sat, 21 Feb 2004, Elliotte Rusty Harold wrote:
>
>
>
>>What are the specific changes in this release that require Java 1.2?
>>What features of Java 1.2 are used that were not used in 2.6.1? I
>>know 2.6.1 was supposed to be the last 1.1 supporting release.
>>However, since 2.6.2 just fixes bugs in 2.6.1 rather than introducing
>>any significant new features, I thought it might not be too hard for
>>it to support Java 1.1. In particular, it's disturbing that the last
>>1.1 supporting release has a known security bug.
>>
>>
>
>---------------------------
>Michael Glavassevich
>XML Parser Development
>IBM Toronto Lab
>E-mail: mrglavas@ca.ibm.com
>E-mail: mrglavas@apache.org
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: xerces-j-dev-unsubscribe@xml.apache.org
>For additional commands, e-mail: xerces-j-dev-help@xml.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: xerces-j-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xerces-j-dev-help@xml.apache.org
Re: [ANNOUNCEMENT]: Xerces-J 2.6.2 now available
Posted by Michael Glavassevich <mr...@apache.org>.
2.6.2 was not a planned release. Some of the bugs including the
Schema API discrepancy discovered after 2.6.1 and the switch over to the
2.0 Apache License on March 1st (which I'm sure we'd rather pickup in
the next release) motivated this quick follow-up release to
2.6.1.
The changes which required Java 1.2 were made before the decision
to have this release. They were made for performance improvements, for
instance swapping synchronized Vectors for unsynchronized ArrayLists
where we don't need thread safety. I won't get into the details about the
security bug but it cannot be exploited by JDK 1.1. JDK 1.1 users were
not vulnerable.
On Sat, 21 Feb 2004, Elliotte Rusty Harold wrote:
> What are the specific changes in this release that require Java 1.2?
> What features of Java 1.2 are used that were not used in 2.6.1? I
> know 2.6.1 was supposed to be the last 1.1 supporting release.
> However, since 2.6.2 just fixes bugs in 2.6.1 rather than introducing
> any significant new features, I thought it might not be too hard for
> it to support Java 1.1. In particular, it's disturbing that the last
> 1.1 supporting release has a known security bug.
---------------------------
Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: mrglavas@ca.ibm.com
E-mail: mrglavas@apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: xerces-j-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xerces-j-dev-help@xml.apache.org
Re: [ANNOUNCEMENT]: Xerces-J 2.6.2 now available
Posted by Elliotte Rusty Harold <el...@metalab.unc.edu>.
What are the specific changes in this release that require Java 1.2?
What features of Java 1.2 are used that were not used in 2.6.1? I
know 2.6.1 was supposed to be the last 1.1 supporting release.
However, since 2.6.2 just fixes bugs in 2.6.1 rather than introducing
any significant new features, I thought it might not be too hard for
it to support Java 1.1. In particular, it's disturbing that the last
1.1 supporting release has a known security bug.
--
Elliotte Rusty Harold
elharo@metalab.unc.edu
Effective XML (Addison-Wesley, 2003)
http://www.cafeconleche.org/books/effectivexml
http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA
---------------------------------------------------------------------
To unsubscribe, e-mail: xerces-j-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xerces-j-dev-help@xml.apache.org