I have prepared a release candidate for 3.1.4 that fixes some outstanding bugs. 
My ETA for release is around the end of the month. I haven't checked over the 
generated HTML pages in the tarballs yet, so I probably will do a second RC 
before calling for a vote maybe around the end of next week, just to fix any 
missing doc changes. Code is frozen at this point barring feedback.


This patch release includes a new security feature you can test. You can 
disable DTD processing (and cause the parser to error out) by setting an 
environment variable, XERCES_DISABLE_DTD=1. This was done in that 
less-than-ideal manner because of the desire to maintain ABI compatibility, 
while at the same time allowing applications that don't need DTD support to 
insulate themselves from a large class of bugs and attacks.
-- Scott

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

Reply via email to