What kind of help do you need? Gary On Nov 5, 2015 12:20 PM, "Michael Glavassevich" <mrgla...@ca.ibm.com> wrote:
> Yes, but need help from volunteers with more time to prepare a Xerces > release. > > And should probably also have an xml-commons release (to include in > Xerces) that contains this: > http://svn.apache.org/viewvc?view=revision&revision=1357443 > > Similar hash collision fix as the ones implemented in Xerces. > > Thanks. > > Michael Glavassevich > XML Technologies and WAS Development > IBM Toronto Lab > E-mail: mrgla...@ca.ibm.com > E-mail: mrgla...@apache.org > > Gary Gregory <ggreg...@rocketsoftware.com> wrote on 11/05/2015 12:43:23 > PM: > > > Any thoughts on pushing out a release to pick up the one fix? (And > > whatever else is in trunk since 2.11) > > Gary > > > > > > > On Thu, Nov 5, 2015 at 9:14 AM -0800, "Michael Glavassevich" < > > mrgla...@ca.ibm.com> wrote: > > > Peter Major <peter.ma...@forgerock.com> wrote on 11/05/2015 02:24:58 AM: > > > > > How about these then? > > > https://bugzilla.redhat.com/show_bug.cgi?id=1273638 > > > > Xerces doesn't support that property. > > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1273645 > > > > Xerces doesn't have a StAX XML parser. > > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1273637 > > > > The portion of the hashing collision issue that applies to Xerces is > fixed > > on the trunk (in other words, after Xerces 2.11.0). See: > > http://svn.apache.org/viewvc?view=revision&revision=1357381. > > > > The rest of the hashing issue is in the Java platform itself. See > > http://openjdk.java.net/jeps/180. > > > > > 2015. 11. 04. 16:38 keltezéssel, Michael Glavassevich írta: > > > > As they did not disclose any details in these reports, only Oracle > > would > > > > know. > > > > > > > > Thanks. > > > > > > > > Michael Glavassevich > > > > XML Technologies and WAS Development > > > > IBM Toronto Lab > > > > E-mail: mrgla...@ca.ibm.com > > > > E-mail: mrgla...@apache.org > > > > > > > > Peter Major <peter.ma...@forgerock.com> wrote on 11/04/2015 03:36:26 > > > AM: > > > > > > > >> Hi, > > > >> > > > >> it appears that Oracle has fixed some XML parsing related security > > > >> vulnerabilities: > > > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803 > > > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893 > > > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911 > > > >> > > > >> Is it possible that these also affect Xerces 2.11.0? > > > >> > > > >> Regards, > > > >> Peter > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org > > > For additional commands, e-mail: j-users-h...@xerces.apache.org > > > > Michael Glavassevich > > XML Technologies and WAS Development > > IBM Toronto Lab > > E-mail: mrgla...@ca.ibm.com > > E-mail: mrgla...@apache.org > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org > > For additional commands, e-mail: j-users-h...@xerces.apache.org > > > ================================ > > Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham > > MA 02451 ■ +1 800.966.3270 ■ +1 781.577.4321 > > Unsubscribe From Commercial Email – unsubscr...@rocketsoftware.com > > Manage Your Subscription Preferences - http:// > > info.rocketsoftware.com/ > > GlobalSubscriptionManagementEmailFooter_SubscriptionCenter.html > > Privacy Policy - > http://www.rocketsoftware.com/company/legal/privacy-policy > > ================================ > > > > This communication and any attachments may contain confidential > > information of Rocket Software, Inc. All unauthorized use, > > disclosure or distribution is prohibited. If you are not the > > intended recipient, please notify Rocket Software immediately and > > destroy all copies of this communication. Thank you. > >
