Congratulations on the fix and release!

With respect to the advisory, since the original one[0] claims the issue was fixed in 3.2.3, we're not allowed to 'widen' the version range, we'll have to allocate a new one[1]. I can take care of that on your behalf if you prefer?

Also, I noticed the download page[2] still seems to be referring to 3.2.0 - it might be nice to update that as well :).

Kind regards,

Arnout

[0]: https://www.cve.org/CVERecord?id=CVE-2018-1311
[1]: https://cveprocess.apache.org/allocatecve
[2]: https://xerces.apache.org/mirrors.cgi#source

On 2023/12/20 14:33:21 "Cantor, Scott" wrote:
> The Xerces project has released V3.2.5 of the C++ parser library, a patch
> release containing a fix for the CVE from 2018.
>
> It's on the main download site now and should be on the mirrors shortly.
>
> The advisory has been updated accordingly [1]. (And I realized I need to
> re-sign that, so I'll fix it on the site today.)
>
> -- Scott
>
> [1] https://xerces.apache.org/xerces-c/secadv/CVE-2018-1311.txt