Hello, I recently identified several vulnerabilities affecting Xalan-C v1.11. While researching them, I noticed that a few of them are already listed in the public bug tracker.
As an example, ticket XALANC-762 (created on 03/Apr/15) refers to a stack-based buffer overflow during conversion of large numbers: https://issues.apache.org/jira/browse/XALANC-762

Should I report the other bugs I found in the bug tracker (or somewhere else like a private mailing list)? Is there still any active development of this code base?

Regards,
Nicolas Grégoire