[jira] [Commented] (BATIK-1329) remove xalan dependency due to it being end of life

Jira Fri, 22 Jul 2022 01:14:30 -0700


    [ 
https://issues.apache.org/jira/browse/BATIK-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17569868#comment-17569868
 ]


Milan Siebenbürger commented on BATIK-1329:
-------------------------------------------

Vulnerability in xalan is pretty high 

https://security.snyk.io/vuln/SNYK-JAVA-XALAN-2953385

> remove xalan dependency due to it being end of life
> ---------------------------------------------------
>
>                 Key: BATIK-1329
>                 URL: https://issues.apache.org/jira/browse/BATIK-1329
>             Project: Batik
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Priority: Major
>
> Xalan is no longer supported.
> https://lists.apache.org/thread/s8kjny5270ssfcp46v0fl39lk98987w7
> It is better to use JAXP TransformerFactory than using xalan directly. If you 
> add xalan dependency just to ensure that you have a JAXP compliant 
> transformer on the classpath, this is unnecessary - the Java runtime has a 
> built-in implementation.
> Batik use of xalan:
> * https://mvnrepository.com/artifact/org.apache.xmlgraphics/batik-dom/1.14
> * https://github.com/apache/xmlgraphics-batik/blob/trunk/build.xml



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: batik-dev-unsubscr...@xmlgraphics.apache.org
For additional commands, e-mail: batik-dev-h...@xmlgraphics.apache.org

[jira] [Commented] (BATIK-1329) remove xalan dependency due to it being end of life

Reply via email to