You are viewing a plain text version of this content. The canonical link for it is here.
Posted to batik-dev@xmlgraphics.apache.org by "Milan Siebenbürger (Jira)" <ji...@apache.org> on 2022/07/22 08:14:00 UTC
[jira] [Commented] (BATIK-1329) remove xalan dependency due to it being end of life
[ https://issues.apache.org/jira/browse/BATIK-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17569868#comment-17569868 ]
Milan Siebenbürger commented on BATIK-1329:
-------------------------------------------
Vulnerability in xalan is pretty high
https://security.snyk.io/vuln/SNYK-JAVA-XALAN-2953385
> remove xalan dependency due to it being end of life
> ---------------------------------------------------
>
> Key: BATIK-1329
> URL: https://issues.apache.org/jira/browse/BATIK-1329
> Project: Batik
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
>
> Xalan is no longer supported.
> https://lists.apache.org/thread/s8kjny5270ssfcp46v0fl39lk98987w7
> It is better to use JAXP TransformerFactory than using xalan directly. If you add xalan dependency just to ensure that you have a JAXP compliant transformer on the classpath, this is unnecessary - the Java runtime has a built-in implementation.
> Batik use of xalan:
> * https://mvnrepository.com/artifact/org.apache.xmlgraphics/batik-dom/1.14
> * https://github.com/apache/xmlgraphics-batik/blob/trunk/build.xml
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: batik-dev-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-dev-help@xmlgraphics.apache.org