You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@xalan.apache.org by mu...@apache.org on 2022/09/21 07:29:42 UTC

[xalan-java] branch xalan-j_2_7_1_maint updated: xalanj commit : doing improvements to xalanj docs for the 2.7.3 release

This is an automated email from the ASF dual-hosted git repository.

mukulg pushed a commit to branch xalan-j_2_7_1_maint
in repository https://gitbox.apache.org/repos/asf/xalan-java.git


The following commit(s) were added to refs/heads/xalan-j_2_7_1_maint by this push:
     new 246d88af xalanj commit : doing improvements to xalanj docs for the 2.7.3 release
246d88af is described below

commit 246d88af292b951156421f6cfb2c8c3900a41a98
Author: Mukul Gandhi <ga...@gmail.com>
AuthorDate: Wed Sep 21 12:59:25 2022 +0530

    xalanj commit : doing improvements to xalanj docs for the 2.7.3 release
---
 build.xml                               |  2 +-
 xdocs/sources/xalan-apache-org-site.xml |  2 +-
 xdocs/sources/xalan-jlocal.xml          |  2 +-
 xdocs/sources/xalan-jsite.xml           |  2 +-
 xdocs/sources/xalan/whatsnew.xml        | 43 +++++----------------------------
 xdocs/sources/xsltc.xml                 |  2 +-
 6 files changed, 11 insertions(+), 42 deletions(-)

diff --git a/build.xml b/build.xml
index 6c9b9ce7..3914e15b 100644
--- a/build.xml
+++ b/build.xml
@@ -62,7 +62,7 @@ $Id$
 <project name="Xalan" default="jar" basedir=".">
 
   <property name="name"                   value="xalan"/>
-  <property name="year"                   value="2016"/>
+  <property name="year"                   value="2022"/>
   <property name="build.debug"            value="on"/>  
   <property name="compiler.target"        value="1.8"/>
   <property name="compiler.source"        value="1.8"/>
diff --git a/xdocs/sources/xalan-apache-org-site.xml b/xdocs/sources/xalan-apache-org-site.xml
index 300ff1e8..63678342 100644
--- a/xdocs/sources/xalan-apache-org-site.xml
+++ b/xdocs/sources/xalan-apache-org-site.xml
@@ -19,7 +19,7 @@
 -->
 <!-- $Id$ -->
 
-<book title="Apache Xalan Project " copyright="1999-2014 The Apache Software Foundation">
+<book title="Apache Xalan Project " copyright="1999-2022 The Apache Software Foundation">
   <document id="index" label="Apache Xalan" source="xalan-apache-org/index.xml"/>
   <document id="charter" label="Charter" source="xalan/charter.xml"/>
   <separator/>  
diff --git a/xdocs/sources/xalan-jlocal.xml b/xdocs/sources/xalan-jlocal.xml
index 36236ec0..8985982b 100644
--- a/xdocs/sources/xalan-jlocal.xml
+++ b/xdocs/sources/xalan-jlocal.xml
@@ -19,7 +19,7 @@
 -->
 <!-- $Id$ -->
 
-<book title="Xalan XSL Transformer User's Guide" copyright="1999-2014 The Apache Software Foundation">
+<book title="Xalan XSL Transformer User's Guide" copyright="1999-2022 The Apache Software Foundation">
   <resources source="sbk:/sources/xalan/resources.xml"/>
   <document id="whatsnew"    label="What's New"      source="xalan/whatsnew.xml"/>
   <document id="readme"      label="Release Notes"   source="xalan/readme.xml"/>  
diff --git a/xdocs/sources/xalan-jsite.xml b/xdocs/sources/xalan-jsite.xml
index ce2bde09..b107541f 100644
--- a/xdocs/sources/xalan-jsite.xml
+++ b/xdocs/sources/xalan-jsite.xml
@@ -19,7 +19,7 @@
 -->
 <!-- $Id$ -->
 
-<book title="Xalan XSL Transformer User's Guide" copyright="1999-2014 The Apache Software Foundation">
+<book title="Xalan XSL Transformer User's Guide" copyright="1999-2022 The Apache Software Foundation">
   <resources source="sbk:/sources/xalan/resources.xml"/>
   <external href="http://xalan.apache.org/index.html" label="Home"/>
   <separator/>
diff --git a/xdocs/sources/xalan/whatsnew.xml b/xdocs/sources/xalan/whatsnew.xml
index 3aa762bb..ffaa11f8 100644
--- a/xdocs/sources/xalan/whatsnew.xml
+++ b/xdocs/sources/xalan/whatsnew.xml
@@ -21,50 +21,19 @@
 
   <s2 title="What's new in &xslt4j-current;">  
     <p>
-      Here's what new in &xslt4j-current;.
+      Here's what's new in &xslt4j-current;.
     </p>
 
-    <s3 title="Fix for CVE-2014-0107 insufficient secure processing">
-      <p>
-        When using FEATURE_SECURE_PROCESSING ("http://javax.xml.XMLConstants/feature/secure-processing") on a TransformerFactory, the output properties:
-      </p>
-      <ul>
-        <li>{http://xml.apache.org/xalan}content-handler</li>
-        <li>{http://xml.apache.org/xalan}entities</li>
-        <li>{http://xml.apache.org/xslt}content-handler</li>
-        <li>{http://xml.apache.org/xslt}entities</li>
-      </ul>
-      <p>
-        should be ignored (see http://xml.apache.org/xalan-j/usagepatterns.html#outputprops)
-      </p>
-      <p>
-        These properties can be used to load an arbitrary class or access an arbitrary URL/resource so are problematic when secure processing is desired.
-      </p>
-      <p>      
-        <code>  
-          &lt;xsl:output xalan:content-handler="org.example.BadClass" ...
-        </code>   
-      </p>
-      <p>      
-        <code>  
-          &lt;xsl:output xalan:entities="http://example.org/reallyLargeFile.bin" ...
-        </code>   
-      </p>
-      <p>
-        These features could be used to load a class that had undesirable side-effects or to load a large file and exhaust memory, etc. 
-      </p>
-      <p>
-        See <link anchor="https://issues.apache.org/jira/browse/XALANJ-2435">XALANJ-2435</link>. 
-      </p>
+    <s3 title="Fix for CVE-2022-34169 An integer truncation issue when processing malicious XSLT stylesheets">
     </s3>
     
-    <s3 title="Upgrade to Xerces-J 2.11.0 and XML Commons External 1.4.01">
-      The distributions contain upgraded versions of <code>xercesImpl.jar</code>
-      (Xerces-J 2.11.0) and <code>xml-apis.jar</code> (XML Commons External 1.4.01).
+    <s3 title="Upgrade to Xerces-J 2.12.2">
+      The distributions contain upgraded versions of <code>xercesImpl.jar</code> and 
+      <code>xml-apis.jar</code> (Xerces-J 2.12.2).
     </s3>
     
     <s3 title="Bug fixes">
-      &xslt4j-current; contains performance enhancements and other bug fixes since 2.7.1. You can find the list 
+      &xslt4j-current; contains performance enhancements and other bug fixes since 2.7.2. You can find the list 
       in <link idref="readme" anchor="notes_latest">the release notes</link>.
     </s3>
     
diff --git a/xdocs/sources/xsltc.xml b/xdocs/sources/xsltc.xml
index 2fcc0f29..3e20a254 100644
--- a/xdocs/sources/xsltc.xml
+++ b/xdocs/sources/xsltc.xml
@@ -16,7 +16,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
 -->
-<book title="XSLTC Design" copyright="1999-2014 The Apache Software Foundation">
+<book title="XSLTC Design" copyright="1999-2022 The Apache Software Foundation">
  
   <document id="index"
             label="Overview"


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@xalan.apache.org
For additional commands, e-mail: commits-help@xalan.apache.org