You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@xalan.apache.org by mu...@apache.org on 2022/09/21 07:29:42 UTC
[xalan-java] branch xalan-j_2_7_1_maint updated: xalanj commit : doing improvements to xalanj docs for the 2.7.3 release
This is an automated email from the ASF dual-hosted git repository.
mukulg pushed a commit to branch xalan-j_2_7_1_maint
in repository https://gitbox.apache.org/repos/asf/xalan-java.git
The following commit(s) were added to refs/heads/xalan-j_2_7_1_maint by this push:
new 246d88af xalanj commit : doing improvements to xalanj docs for the 2.7.3 release
246d88af is described below
commit 246d88af292b951156421f6cfb2c8c3900a41a98
Author: Mukul Gandhi <ga...@gmail.com>
AuthorDate: Wed Sep 21 12:59:25 2022 +0530
xalanj commit : doing improvements to xalanj docs for the 2.7.3 release
---
build.xml | 2 +-
xdocs/sources/xalan-apache-org-site.xml | 2 +-
xdocs/sources/xalan-jlocal.xml | 2 +-
xdocs/sources/xalan-jsite.xml | 2 +-
xdocs/sources/xalan/whatsnew.xml | 43 +++++----------------------------
xdocs/sources/xsltc.xml | 2 +-
6 files changed, 11 insertions(+), 42 deletions(-)
diff --git a/build.xml b/build.xml
index 6c9b9ce7..3914e15b 100644
--- a/build.xml
+++ b/build.xml
@@ -62,7 +62,7 @@ $Id$
<project name="Xalan" default="jar" basedir=".">
<property name="name" value="xalan"/>
- <property name="year" value="2016"/>
+ <property name="year" value="2022"/>
<property name="build.debug" value="on"/>
<property name="compiler.target" value="1.8"/>
<property name="compiler.source" value="1.8"/>
diff --git a/xdocs/sources/xalan-apache-org-site.xml b/xdocs/sources/xalan-apache-org-site.xml
index 300ff1e8..63678342 100644
--- a/xdocs/sources/xalan-apache-org-site.xml
+++ b/xdocs/sources/xalan-apache-org-site.xml
@@ -19,7 +19,7 @@
-->
<!-- $Id$ -->
-<book title="Apache Xalan Project " copyright="1999-2014 The Apache Software Foundation">
+<book title="Apache Xalan Project " copyright="1999-2022 The Apache Software Foundation">
<document id="index" label="Apache Xalan" source="xalan-apache-org/index.xml"/>
<document id="charter" label="Charter" source="xalan/charter.xml"/>
<separator/>
diff --git a/xdocs/sources/xalan-jlocal.xml b/xdocs/sources/xalan-jlocal.xml
index 36236ec0..8985982b 100644
--- a/xdocs/sources/xalan-jlocal.xml
+++ b/xdocs/sources/xalan-jlocal.xml
@@ -19,7 +19,7 @@
-->
<!-- $Id$ -->
-<book title="Xalan XSL Transformer User's Guide" copyright="1999-2014 The Apache Software Foundation">
+<book title="Xalan XSL Transformer User's Guide" copyright="1999-2022 The Apache Software Foundation">
<resources source="sbk:/sources/xalan/resources.xml"/>
<document id="whatsnew" label="What's New" source="xalan/whatsnew.xml"/>
<document id="readme" label="Release Notes" source="xalan/readme.xml"/>
diff --git a/xdocs/sources/xalan-jsite.xml b/xdocs/sources/xalan-jsite.xml
index ce2bde09..b107541f 100644
--- a/xdocs/sources/xalan-jsite.xml
+++ b/xdocs/sources/xalan-jsite.xml
@@ -19,7 +19,7 @@
-->
<!-- $Id$ -->
-<book title="Xalan XSL Transformer User's Guide" copyright="1999-2014 The Apache Software Foundation">
+<book title="Xalan XSL Transformer User's Guide" copyright="1999-2022 The Apache Software Foundation">
<resources source="sbk:/sources/xalan/resources.xml"/>
<external href="http://xalan.apache.org/index.html" label="Home"/>
<separator/>
diff --git a/xdocs/sources/xalan/whatsnew.xml b/xdocs/sources/xalan/whatsnew.xml
index 3aa762bb..ffaa11f8 100644
--- a/xdocs/sources/xalan/whatsnew.xml
+++ b/xdocs/sources/xalan/whatsnew.xml
@@ -21,50 +21,19 @@
<s2 title="What's new in &xslt4j-current;">
<p>
- Here's what new in &xslt4j-current;.
+ Here's what's new in &xslt4j-current;.
</p>
- <s3 title="Fix for CVE-2014-0107 insufficient secure processing">
- <p>
- When using FEATURE_SECURE_PROCESSING ("http://javax.xml.XMLConstants/feature/secure-processing") on a TransformerFactory, the output properties:
- </p>
- <ul>
- <li>{http://xml.apache.org/xalan}content-handler</li>
- <li>{http://xml.apache.org/xalan}entities</li>
- <li>{http://xml.apache.org/xslt}content-handler</li>
- <li>{http://xml.apache.org/xslt}entities</li>
- </ul>
- <p>
- should be ignored (see http://xml.apache.org/xalan-j/usagepatterns.html#outputprops)
- </p>
- <p>
- These properties can be used to load an arbitrary class or access an arbitrary URL/resource so are problematic when secure processing is desired.
- </p>
- <p>
- <code>
- <xsl:output xalan:content-handler="org.example.BadClass" ...
- </code>
- </p>
- <p>
- <code>
- <xsl:output xalan:entities="http://example.org/reallyLargeFile.bin" ...
- </code>
- </p>
- <p>
- These features could be used to load a class that had undesirable side-effects or to load a large file and exhaust memory, etc.
- </p>
- <p>
- See <link anchor="https://issues.apache.org/jira/browse/XALANJ-2435">XALANJ-2435</link>.
- </p>
+ <s3 title="Fix for CVE-2022-34169 An integer truncation issue when processing malicious XSLT stylesheets">
</s3>
- <s3 title="Upgrade to Xerces-J 2.11.0 and XML Commons External 1.4.01">
- The distributions contain upgraded versions of <code>xercesImpl.jar</code>
- (Xerces-J 2.11.0) and <code>xml-apis.jar</code> (XML Commons External 1.4.01).
+ <s3 title="Upgrade to Xerces-J 2.12.2">
+ The distributions contain upgraded versions of <code>xercesImpl.jar</code> and
+ <code>xml-apis.jar</code> (Xerces-J 2.12.2).
</s3>
<s3 title="Bug fixes">
- &xslt4j-current; contains performance enhancements and other bug fixes since 2.7.1. You can find the list
+ &xslt4j-current; contains performance enhancements and other bug fixes since 2.7.2. You can find the list
in <link idref="readme" anchor="notes_latest">the release notes</link>.
</s3>
diff --git a/xdocs/sources/xsltc.xml b/xdocs/sources/xsltc.xml
index 2fcc0f29..3e20a254 100644
--- a/xdocs/sources/xsltc.xml
+++ b/xdocs/sources/xsltc.xml
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
-->
-<book title="XSLTC Design" copyright="1999-2014 The Apache Software Foundation">
+<book title="XSLTC Design" copyright="1999-2022 The Apache Software Foundation">
<document id="index"
label="Overview"
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@xalan.apache.org
For additional commands, e-mail: commits-help@xalan.apache.org