Hi all, my problem is that Xerces-J 2.11.0 pops up on the OWASP Dependency Check [1] having the vulnerability CVE-2012-0881.
After some investigation I found that CVE-2012-0881 has been indeed fixed and is scheduled to be released for Xerces-J 2.12.0 [2]. However, no specific release date is given [3]. Could you point me to a release schedule or do you know the release date? Using libraries which contain vulnerabilities is not an option for my organisation. So, I'm hoping for a Xerces-J 2.11.0 release happening soonish. Best regards, Yves [1] https://www.owasp.org/index.php/OWASP_Dependency_Check [2] https://issues.apache.org/jira/browse/XERCESJ-1685 [3] https://issues.apache.org/jira/projects/XERCESJ/versions/12336542
