On Fri, Apr 24, 2026 at 2:35 AM Piotr P. Karwasz
<[email protected]> wrote:

> Second, the correct recipe depends on which JAXP implementation is
> actually on the classpath, and that's often not what the developer
> thinks. A library author tests against the JDK, observes that
> FEATURE_SECURE_PROCESSING transitively restricts ACCESS_EXTERNAL_*
> (JEP 185), and writes a minimal hardening block. The library is then
> deployed in an application that pulls in external Xerces transitively:
> JEP 185 no longer applies, ACCESS_EXTERNAL_* is not honored, and the
> minimal block is no longer sufficient.
>

This might be an issue to address in Xerces. Please file a detailed
description in the JIRA.

That said, Xerces does not have sufficient developer participation at
this time to promise quick resolution. That's one reason I'm so wary
of adding new projects that have even less commitment.

-- 
Elliotte Rusty Harold
[email protected]
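
The quoted point about the recipe depending on the JAXP implementation, as an added example that is not part of this e-mail or of any project's code: a hardening block that sets the implementation-level features explicitly, treats `ACCESS_EXTERNAL_*` as optional, and fails closed if neither control is accepted. The class and method names are hypothetical; the sample document is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

public class HardenedJaxp { // hypothetical name
    static boolean trySetFeature(DocumentBuilderFactory f, String name, boolean value) {
        try { f.setFeature(name, value); return true; }
        catch (ParserConfigurationException e) { return false; } // feature unknown to this implementation
    }
    static DocumentBuilderFactory newHardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // Set explicitly rather than relying on FEATURE_SECURE_PROCESSING to imply them.
        boolean doctypeBanned = trySetFeature(f, "http://apache.org/xml/features/disallow-doctype-decl", true);
        trySetFeature(f, "http://xml.org/sax/features/external-general-entities", false);
        trySetFeature(f, "http://xml.org/sax/features/external-parameter-entities", false);
        trySetFeature(f, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        boolean accessRestricted;
        try {
            f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
            accessRestricted = true;
        } catch (IllegalArgumentException e) {
            accessRestricted = false; // properties not recognized by this implementation
        }
        if (!doctypeBanned && !accessRestricted) {
            throw new ParserConfigurationException("cannot harden " + f.getClass().getName());
        }
        return f;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = newHardenedFactory();
        System.out.println("JAXP implementation in use: " + f.getClass().getName());
        // Constructed sample input: internal entity only, no external reference.
        String xml = "<!DOCTYPE r [<!ENTITY e \"x\">]><r>&e;</r>";
        try {
            f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            throw new IllegalStateException("DOCTYPE was accepted");
        } catch (SAXException e) {
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }
    }
}
```

Running it once with only the JDK and once with external Xerces on the classpath shows which factory class was selected and confirms the DOCTYPE is rejected in both cases.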
