Any thoughts on pushing out a release to pick up the one fix? (And whatever else is in trunk since 2.11)
Gary On Thu, Nov 5, 2015 at 9:14 AM -0800, "Michael Glavassevich" <mrgla...@ca.ibm.com<mailto:mrgla...@ca.ibm.com>> wrote: Peter Major <peter.ma...@forgerock.com> wrote on 11/05/2015 02:24:58 AM: > How about these then? > https://bugzilla.redhat.com/show_bug.cgi?id=1273638 Xerces doesn't support that property. > https://bugzilla.redhat.com/show_bug.cgi?id=1273645 Xerces doesn't have a StAX XML parser. > https://bugzilla.redhat.com/show_bug.cgi?id=1273637 The portion of the hashing collision issue that applies to Xerces is fixed on the trunk (in other words, after Xerces 2.11.0). See: http://svn.apache.org/viewvc?view=revision&revision=1357381. The rest of the hashing issue is in the Java platform itself. See http://openjdk.java.net/jeps/180. > 2015. 11. 04. 16:38 keltezéssel, Michael Glavassevich írta: > > As they did not disclose any details in these reports, only Oracle would > > know. > > > > Thanks. > > > > Michael Glavassevich > > XML Technologies and WAS Development > > IBM Toronto Lab > > E-mail: mrgla...@ca.ibm.com > > E-mail: mrgla...@apache.org > > > > Peter Major <peter.ma...@forgerock.com> wrote on 11/04/2015 03:36:26 AM: > > > >> Hi, > >> > >> it appears that Oracle has fixed some XML parsing related security > >> vulnerabilities: > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803 > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893 > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911 > >> > >> Is it possible that these also affect Xerces 2.11.0? > >> > >> Regards, > >> Peter > > --------------------------------------------------------------------- > To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org > For additional commands, e-mail: j-users-h...@xerces.apache.org Michael Glavassevich XML Technologies and WAS Development IBM Toronto Lab E-mail: mrgla...@ca.ibm.com E-mail: mrgla...@apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org For additional commands, e-mail: j-users-h...@xerces.apache.org ================================ Rocket Software, Inc. and subsidiaries ? 77 Fourth Avenue, Waltham MA 02451 ? +1 800.966.3270 ? +1 781.577.4321 Unsubscribe From Commercial Email - unsubscr...@rocketsoftware.com Manage Your Subscription Preferences - http://info.rocketsoftware.com/GlobalSubscriptionManagementEmailFooter_SubscriptionCenter.html Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy ================================ This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you.
