"Cantor, Scott" <canto...@osu.edu> wrote on 03/04/2015 01:16:30 PM:
> From: "Cantor, Scott" <canto...@osu.edu> > To: "j-users@xerces.apache.org" <j-users@xerces.apache.org>, > Date: 03/04/2015 01:19 PM > Subject: Re: Hello and XXE > > On 3/4/15, 6:10 PM, "Michael Glavassevich" <mrgla...@ca.ibm.com> wrote: > > > > > >The defect you're referring to had nothing to do with DTDs or entities. > > Which I acknowledged. You still have an unreleased security fix that is > *not* a function of "applications configuring the parser correctly". And I was pointing out that it's irrelevant to Jim's concern. If you're interested in seeing a release which rolls up this and other fixes from the trunk, that's another discussion. The long period of time between Xerces releases boils down to a lack of time from developers and low interest from the community to motivate a new release. > -- Scott Michael Glavassevich XML Technologies and WAS Development IBM Toronto Lab E-mail: mrgla...@ca.ibm.com E-mail: mrgla...@apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org For additional commands, e-mail: j-users-h...@xerces.apache.org
