Hi, We're planning on having a release (Xerces-J 2.10.0) at the end of the week. The patch can be easily applied to earlier releases (for those who need that).
Thanks. Michael Glavassevich XML Parser Development IBM Toronto Lab E-mail: mrgla...@ca.ibm.com E-mail: mrgla...@apache.org Pankaj Jairath <pjair...@yahoo-inc.com> wrote on 12/14/2009 03:51:19 AM: > I am following up on this issue reported at - > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I see the > following check-in trunk for XMLScanner.java : > > http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/ > xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353 > > which apparently fixes the issue. > > Question : Can we have a newer drop of Xerces2 which shall include this > critical fix ?, the last one is tagged as 2.9.1, which was made > available 2 years ago. > > Thanks, > -/Pankaj > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: j-dev-unsubscr...@xerces.apache.org > For additional commands, e-mail: j-dev-h...@xerces.apache.org
