My project's older branch has a dependency on Xerces for historical reasons, and we were made aware of an old CVE from 2013 [1] that apparently has been corrected in trunk as of 16 months ago [2], but we're trying to assess our options here (the most unpleasant being to fork if that's the only way we can get a fix out).
Is there any likelihood of a 2.12 with this fix within the imminent future? -- Scott [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002 [2] https://svn.apache.org/viewvc?view=revision&revision=1499506 --------------------------------------------------------------------- To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org For additional commands, e-mail: j-users-h...@xerces.apache.org
