A patch release of the Xerces-C XML parser is now available and is propagating 
to the mirrors. It includes a small number of important bug fixes, including a 
fix for CVE-2016-4463.

https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069

Of special note, applications that don't make use of DTDs should strongly 
consider setting the XERCES_ DISABLE_DTD environment variable to "1" to 
insulate themselves from the likelihood of future vulnerabilities in that code. 
When I have a free moment I will make that a parser feature in the trunk since 
it requires an ABI change.

-- Scott


---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

Reply via email to