Hi all,
my problem is that Xerces-J 2.11.0 pops up on the OWASP Dependency Check [1]
having the vulnerability CVE-2012-0881.
After some investigation I found that CVE-2012-0881 has been indeed fixed and
is scheduled to be released for Xerces-J 2.12.0 [2].
However, no specific release date is
Good question. Xerces has been rather... inactive :-(
Gary
On Fri, Dec 22, 2017 at 7:15 AM, Yves Geissbühler <
yves.geissbueh...@incentage.com> wrote:
> Hi all,
> my problem is that Xerces-J 2.11.0 pops up on the OWASP Dependency Check
> [1] having the vulnerability CVE-2012-0881.
>
> After some
