Hi Chris,

Christopher Schultz wrote on 20.12.2010 at 15:18 (-0500):
> On 12/19/2010 7:35 AM, Michael Ludwig wrote:
> > In the case of Xerces, however, it is preferable to put the JAR(s)
> > into %CATALINA_HOME%\endorsed (which may not exist but may be
> > created) so they will be available to all of Tomcat and outmatch the
> > Sun fork shipping with the JRE.
> 
> I'm not sure I'd recommend this unless no other option will work:
> overriding the vendor-supplied XML parser with one that is quite old
> (as Xerces 2.6.1 appears to be) may open you up to security
> vulnerabilities as well as other incompatibilities with the library.

I must have overlooked the ancient Xerces version, and the fact that it
is bundled with Jena. I wonder why they're using such an old version?
I don't recommend putting that into endorsed/. Thanks for catching this.

In general, however, I would prefer Apache Xerces to the Sun fork,
especially when using JDK 1.6. I've hit a couple of bugs in the Sun
fork, and I'm not the only one.

  I've already seen so many bugs in the Sun JDK 1.6 Xerces version that
  I recommend people never to use it for production work […]

  In fact, at some stage I'd like to get rid of the Parse module: this
  module holds the Sun fork of the Apache Xerces parser, which is
  horribly buggy; I'd much rather use the Apache original which is much
  more reliable […]

http://saxonica.blogharbor.com/blog/_archives/2009/6/26/4235816.html

Those are harsh comments, but I didn't have to do top-notch development
like Michael Kay to run into those bugs myself.

-- 
Michael Ludwig
