Hi Michael, thanks for the response,
Does that mean Xerces2.x is not backward compatiable and in that case we would require for our code to modify to incorporate latest Xerces 2.x. Also does Xerces2.x has resolve the xml vulnerability issue. I need to identify which is the latest Xerces is handling the xml vulnerability. Regards Atul Parti On Fri, Jan 29, 2010 at 10:03 PM, Michael Glavassevich <mrgla...@ca.ibm.com>wrote: > Hi Atul, > > Xerces-J 1.4.3 is rather ancient. This release occurred before I arrived > here so couldn't tell you what issues it may have had. I wouldn't assume the > most recent report against Xerces 2.x would apply since 1.4.x is a > completely different codebase and may never have had that problem. > > Thanks. > > Michael Glavassevich > XML Parser Development > IBM Toronto Lab > E-mail: mrgla...@ca.ibm.com > E-mail: mrgla...@apache.org > > Atul Parti <atulpa...@gmail.com> wrote on 01/29/2010 10:39:31 AM: > > > > I am looking for an information. > > > > I am looking for removing security vulnerabilities that may be > > associated with XML parsers. > > Which version of Apache Xerces Java has rectified the xml > > Vulnerability(if any). > > Currently we are using Apache Xerces Java 1.4.3. > > > > I went through different sites but could not find a single > > reference, where it is mention that Apache Xerces Java has rectified > > the xml vulnerability issue. > > In case any one help me or confirm me that my understanding is correct. > > > > With Regards > > Atul >
