Yeah! Thanks Scott.

G

> On 29 Jun 2016, at 15:44, Cantor, Scott <canto...@osu.edu> wrote:
> 
> A patch release of the Xerces-C XML parser is now available and is 
> propagating to the mirrors. It includes a small number of important bug 
> fixes, including a fix for CVE-2016-4463.
> 
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069
> 
> Of special note, applications that don't make use of DTDs should strongly 
> consider setting the XERCES_DISABLE_DTD environment variable to "1" to 
> insulate themselves from the likelihood of future vulnerabilities in that 
> code. When I have a free moment I will make that a parser feature in the 
> trunk since it requires an ABI change.
> 
> -- Scott
> 
