Hello,

First post here, since I am not able to comment in this project's Jira. I have run into an issue with Xerces2 during a Java 17 migration. JEP-403 mentions the following under "Risks and assumptions":

"Code that uses the JDK's internal copy of the Xerces XML processor [might fail]. Such code should instead use a standalone copy of the Xerces library, available from Maven Central [1]."

https://openjdk.org/jeps/403

The problem is that when including Xerces2 2.12.2 as a Maven dependency, two properties are not recognized, which are relevant for security (to prevent XXE attacks):

http://javax.xml.XMLConstants/property/accessExternalSchema

http://javax.xml.XMLConstants/property/accessExternalDTD

There is an open Jira topic to support these properties: https://issues.apache.org/jira/browse/XERCESJ-1654

This was created in 2015 and I am wondering what the current status is and what a suitable workaround might be to fulfill that requirement of JEP-403.

Thanks a lot!

Cheers,

Martin

Links:
------
[1] https://search.maven.org/artifact/xerces/xercesImpl
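
An added example, not part of the original post and not code from the Xerces project: a factory helper that tries the two JAXP properties named above and, when the implementation rejects them, falls back to parser features that Xerces2 does recognize. The class and method names are hypothetical and the sample document is constructed; the fallback covers DTD and external-entity handling only and is not an equivalent of accessExternalSchema.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

public class HardenedXercesFactory {   // hypothetical name

    // Returns false when the JAXP implementation does not know the property.
    static boolean trySetAttribute(DocumentBuilderFactory dbf, String name) {
        try {
            dbf.setAttribute(name, "");   // empty string = no protocols allowed
            return true;
        } catch (IllegalArgumentException e) {
            return false;                 // unrecognized property ends up here
        }
    }

    static DocumentBuilderFactory newFactory() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        boolean dtd = trySetAttribute(dbf, XMLConstants.ACCESS_EXTERNAL_DTD);
        boolean xsd = trySetAttribute(dbf, XMLConstants.ACCESS_EXTERNAL_SCHEMA);
        if (!dtd || !xsd) {
            // Fallback via features: reject DOCTYPE outright and never fetch
            // external entities or DTDs. Schema imports are NOT restricted by this.
            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
            dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        }
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a DOCTYPE declaring an external entity.
        String xml = "<?xml version=\"1.0\"?><!DOCTYPE r ["
                   + "<!ENTITY e SYSTEM \"file:///nonexistent\">]><r>&e;</r>";
        DocumentBuilder db = newFactory().newDocumentBuilder();
        try {
            db.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            System.out.println("parsed");
        } catch (SAXException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```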
