Mon, 15 Jan 2024, /Stanimir Stamenkov/:
Mon, 15 Jan 2024, /Martin/:
The problem is that when including Xerces2 2.12.2 as a Maven
dependency, two properties are not recognized, which are relevant for
security (to prevent XXE attacks:
http://javax.xml.XMLConstants/property/accessExternalSchema
http://javax.xml.XMLConstants/property/accessExternalDTD
Fact is these are part of JAXP since Java 7 [1] and I think Xerces
should support them to remain reasonably relevant implementation.
O.k. According to Wikipedia:
* https://en.wikipedia.org/wiki/Java_API_for_XML_Processing
it is sometime after the Java 7 GA release:
| Java SE version | JAXP version bundled |
| --------------- | -------------------- |
| 1.7.0 | 1.4.5 |
| 1.7.40 | 1.5 |
If I'm reading this correctly:
* https://www.java.com/releases/
it is JDK 7u40, 2013-09-10 (vs. 7 LTS, 2011-07-11).
--
Stanimir
---------------------------------------------------------------------
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org
