You are viewing a plain text version of this content. The canonical link for it is here.

Posted to batik-dev@xmlgraphics.apache.org by "Milan Siebenbürger (Jira)" <ji...@apache.org> on 2022/07/22 08:14:00 UTC

[jira] [Commented] (BATIK-1329) remove xalan dependency due to it being end of life

    [ https://issues.apache.org/jira/browse/BATIK-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17569868#comment-17569868 ] 

Milan Siebenbürger commented on BATIK-1329:
-------------------------------------------

Vulnerability in xalan is pretty high 

https://security.snyk.io/vuln/SNYK-JAVA-XALAN-2953385

> remove xalan dependency due to it being end of life
> ---------------------------------------------------
>
>                 Key: BATIK-1329
>                 URL: https://issues.apache.org/jira/browse/BATIK-1329
>             Project: Batik
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Priority: Major
>
> Xalan is no longer supported.
> https://lists.apache.org/thread/s8kjny5270ssfcp46v0fl39lk98987w7
> It is better to use JAXP TransformerFactory than using xalan directly. If you add xalan dependency just to ensure that you have a JAXP compliant transformer on the classpath, this is unnecessary - the Java runtime has a built-in implementation.
> Batik use of xalan:
> * https://mvnrepository.com/artifact/org.apache.xmlgraphics/batik-dom/1.14
> * https://github.com/apache/xmlgraphics-batik/blob/trunk/build.xml



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: batik-dev-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-dev-help@xmlgraphics.apache.org