Hi,
They are: https://issues.apache.org/jira/browse/BATIK-1284 https://issues.apache.org/jira/browse/BATIK-1276 Thanks From: Rich Quist <rqu...@mathworks.com> Sent: 08 April 2022 17:15 To: batik-dev@xmlgraphics.apache.org Subject: Backporting fixes for CVEs to Batik 1.12 Greetings. I've been asked to check whether it is possible to backport the fixes for a couple of critical security vulnerabilities that have been reported against Batik 1.12: 1. Reported fixed in Batik 1.14 - CVE-2020-11987: improper input validation by the NodePickerPanel and 2. Reported fixed in Batik 1.13 - CVE-2019-17566: improper input validation by the "xlink:href" attributes I tried searching through both the dev and commits mailing list archives to see if I could identify/isolate the specific changes that addressed these CVEs, but could not find any related messages based on the CVE #s above. Can anyone point me towards the changed files that provided the fixes? Thanks