Tue, 16 Jan 2024, /Martin Wunderlich/:

> So, it seems there are two possible solutions here:
>
> - Ignore that recommendation from JEP-403, keep the included JAXP implementation that comes with the JRE and hope for the best ... or

As far as I get, JEP-403 recommends one shouldn't refer to JDK-specific implementation classes (com.sun.org.apache.xerces.* vs. JAXP API) in code. One shouldn't be doing it anyway. You didn't answer my previous question – is that the case for you? JEP-403 doesn't recommend against using the JDK-bundled JAXP implementation in general (as the default JAXP provider in your runtime).

> - Find some other parser implementation that does not rely on Xerces and that does implement JAXP 1.5+ (but I am not aware of one)
>
> Any other ideas anyone?

Could you specify what your use case is:

1. A software developer having direct control over the application implementation;
2. A system administrator trying to configure an existing application runtime.

In my previous reply I've suggested developers shouldn't rely on "accessExternalDTD" alone, for example.

For the latter case I've suggested removing Xerces (the Apache library, its JARs) from the runtime configuration/packaging, and relying on the JDK-bundled implementation. This way one may rely on the global "accessExternalDTD" setting, though there's a minimal chance it may break legitimate application functionality.

--
Stanimir
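For the developer case discussed above, one way to avoid relying on "accessExternalDTD" alone, shown as an added example that is not code from this thread or from the Xerces project. It uses only javax.xml.* API types; the class name, method name and sample document are constructed for illustration, and it assumes that a provider which does not implement the JAXP 1.5 properties rejects them with IllegalArgumentException.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

public class HardenedJaxp {  // hypothetical class name
    // Xerces feature id; the JDK-bundled parser honours it as well.
    static final String DISALLOW_DOCTYPE =
            "http://apache.org/xml/features/disallow-doctype-decl";

    static DocumentBuilderFactory newHardenedFactory() throws ParserConfigurationException {
        // Provider lookup goes through the JAXP API only, so no
        // com.sun.org.apache.xerces.* class is referenced in application code.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Primary control: refuse any DOCTYPE, so no external DTD is ever requested.
        dbf.setFeature(DISALLOW_DOCTYPE, true);
        dbf.setExpandEntityReferences(false);
        // Secondary control: the JAXP 1.5 properties. Assumption: a provider
        // without JAXP 1.5 support throws IllegalArgumentException here.
        for (String prop : new String[] {
                XMLConstants.ACCESS_EXTERNAL_DTD, XMLConstants.ACCESS_EXTERNAL_SCHEMA}) {
            try {
                dbf.setAttribute(prop, "");  // empty string: no protocol allowed
            } catch (IllegalArgumentException e) {
                System.err.println(dbf.getClass().getName() + " does not support " + prop);
            }
        }
        return dbf;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input with an external DTD reference.
        String xml = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE doc SYSTEM \"http://example.invalid/doc.dtd\">\n<doc/>";
        DocumentBuilderFactory dbf = newHardenedFactory();
        System.out.println("JAXP provider in use: " + dbf.getClass().getName());
        DocumentBuilder builder = dbf.newDocumentBuilder();
        try {
            builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            System.out.println("parsed: DOCTYPE was accepted, hardening is not effective");
        } catch (SAXException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The printed provider class name shows whether the runtime resolved to the JDK-bundled implementation or to Xerces JARs on the classpath, which is the distinction the administrator case above depends on.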
