Re: Need Help on XML Vulnerability of Apache Xerces Java

2010-02-03 Thread Atul Parti
Thanks for replying. I can see that the issue has been fixed in 2.10.0 but is still to be launched: https://issues.apache.org/jira/browse/XERCESJ-1412. Can we compile any Xerces Java 2.x with the file mentioned in the link below to resolve the issue? Will it work? http://svn.apache.org/viewvc?revi

Re: Need Help on XML Vulnerability of Apache Xerces Java

2010-02-02 Thread Mukul Gandhi
On Tue, Feb 2, 2010 at 8:07 PM, Atul Parti wrote:
> When will Xerces2 Java Parser 2.10.1 be released?

The plan to release Xerces-J 2.10.0 was around this time. I think we just need to wait for a release announcement :) PS: you may not include my email address with the list address. This is n

Re: Need Help on XML Vulnerability of Apache Xerces Java

2010-02-02 Thread Atul Parti
When will Xerces2 Java Parser 2.10.1 be released? Regards, Atul Parti

On Fri, Jan 29, 2010 at 10:39 PM, Mukul Gandhi wrote:
> It seems a fix for this was done in Xerces-J as specified in this JIRA issue:
> https://issues.apache.org/jira/browse/XERCESJ-1412
>
> The current SVN code has this fix

Re: Need Help on XML Vulnerability of Apache Xerces Java

2010-02-01 Thread Michael Glavassevich
Atul Parti wrote on 01/29/2010 11:57:22 AM:
> Thanks for replying,
>
> But when I visit the site https://www.cert.fi/en/reports/2009/vulnerability2009085.html
>
> it shows that Apache Xerces Java, all versions, has the issue but does not specify which version has rectified it.

I doubt whomever

Re: Need Help on XML Vulnerability of Apache Xerces Java

2010-01-29 Thread Mukul Gandhi
On Fri, Jan 29, 2010 at 10:51 PM, Atul Parti wrote:
> Is Xerces 2.x backward compatible? Meaning, we currently have Apache Xerces Java 1.4.3. So will the fix version work directly for us, or do we need to update the code to support the newer version's API calls?

If your application (if it's

Re: Need Help on XML Vulnerability of Apache Xerces Java

2010-01-29 Thread Atul Parti
Thanks for pointing out that the problem has been resolved in Xerces2-J 2.10.0. Is Xerces 2.x backward compatible? Meaning, we currently have Apache Xerces Java 1.4.3. So will the fix version work directly for us, or do we need to update the code to support the newer version's API calls? With R

Re: Need Help on XML Vulnerability of Apache Xerces Java

2010-01-29 Thread Mukul Gandhi
It seems a fix for this was done in Xerces-J as specified in this JIRA issue: https://issues.apache.org/jira/browse/XERCESJ-1412 The current SVN code has this fix, and Xerces-J 2.10.0 should have this improvement.

On Fri, Jan 29, 2010 at 10:27 PM, Atul Parti wrote:
> Thanks for replying,
>
> But

Re: Need Help on XML Vulnerability of Apache Xerces Java

2010-01-29 Thread Atul Parti
Thanks for replying. But when I visit the site https://www.cert.fi/en/reports/2009/vulnerability2009085.html it shows that Apache Xerces Java, all versions, has the issue but does not specify which version has rectified it. That is the major concern. Currently it seems that all Apache Xerces Java ha

Re: Need Help on XML Vulnerability of Apache Xerces Java

2010-01-29 Thread Atul Parti
Hi Michael, thanks for the response. Does that mean Xerces 2.x is not backward compatible, and in that case we would need to modify our code to incorporate the latest Xerces 2.x? Also, does Xerces 2.x resolve the XML vulnerability issue? I need to identify which is the latest Xerces handli

Re: Need Help on XML Vulnerability of Apache Xerces Java

2010-01-29 Thread Mukul Gandhi
I guess a vulnerability issue was reported by the community some time ago related to XML parsing. Here's some information about this: http://isc.sans.org/diary.html?storyid=6928 http://svn.apache.org/viewvc?revision=781488&view=revision From these news items, it seems that Xerces-J was not affected

Re: Need Help on XML Vulnerability of Apache Xerces Java

2010-01-29 Thread Michael Glavassevich
Hi Atul, Xerces-J 1.4.3 is rather ancient. This release occurred before I arrived here, so I couldn't tell you what issues it may have had. I wouldn't assume the most recent report against Xerces 2.x would apply, since 1.4.x is a completely different codebase and may never have had that problem. Tha