This is an automated email from the ASF dual-hosted git repository.
joshtynjala pushed a commit to branch security-updates
in repository https://gitbox.apache.org/repos/asf/flex-blazeds.git
commit b3a8e23f162308333a84c9a79098a4c6b4272b81
Author: Josh Tynjala <joshtynj...@bowlerhat.dev>
AuthorDate: Mon Jan 9 09:40:09 2023 -0800
remove xalan dependency that was used for Java 1.4 and older only
---
common/pom.xml | 5 --
.../ApacheXPathClientConfigurationParser.java | 70 -----------------
.../messaging/config/ServicesDependencies.java | 14 ----
.../ApacheXPathServerConfigurationParser.java | 72 -----------------
.../messaging/config/FlexConfigurationManager.java | 15 ----
.../messaging/config/ConfigurationParserTest.java | 2 +-
.../flex/messaging/io/amf/MessageGenerator.java | 90 ++++++++++++----------
.../io/amfx/DeserializationConfirmation.java | 24 +++---
pom.xml | 6 --
9 files changed, 63 insertions(+), 235 deletions(-)
diff --git a/common/pom.xml b/common/pom.xml
index f9bf841..8db4822 100755
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -29,11 +29,6 @@ limitations under the License.
<artifactId>flex-messaging-common</artifactId>
<dependencies>
- <dependency>
- <groupId>xalan</groupId>
- <artifactId>xalan</artifactId>
- </dependency>
-
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
diff --git
a/common/src/main/java/flex/messaging/config/ApacheXPathClientConfigurationParser.java
b/common/src/main/java/flex/messaging/config/ApacheXPathClientConfigurationParser.java
deleted file mode 100644
index 64a7ecf..0000000
---
a/common/src/main/java/flex/messaging/config/ApacheXPathClientConfigurationParser.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package flex.messaging.config;
-
-import org.apache.xpath.CachedXPathAPI;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-import javax.xml.transform.TransformerException;
-
-/**
- * Uses Apache XPath on a DOM representation of a messaging configuration
- * file.
- * <p>
- * NOTE: Since reference ids are used between elements, certain
- * sections of the document need to be parsed first.
- * </p>
- */
-public class ApacheXPathClientConfigurationParser extends
ClientConfigurationParser {
- private CachedXPathAPI xpath;
-
- protected void initializeExpressionQuery() {
- this.xpath = new CachedXPathAPI();
- }
-
- protected Node selectSingleNode(Node source, String expression) {
- try {
- return xpath.selectSingleNode(source, expression);
- } catch (TransformerException transformerException) {
- throw wrapException(transformerException);
- }
- }
-
- protected NodeList selectNodeList(Node source, String expression) {
- try {
- return xpath.selectNodeList(source, expression);
- } catch (TransformerException transformerException) {
- throw wrapException(transformerException);
- }
- }
-
- protected Object evaluateExpression(Node source, String expression) {
- try {
- return xpath.eval(source, expression);
- } catch (TransformerException transformerException) {
- throw wrapException(transformerException);
- }
- }
-
- private ConfigurationException wrapException(TransformerException
exception) {
- ConfigurationException result = new ConfigurationException();
- result.setDetails(PARSER_INTERNAL_ERROR);
- result.setRootCause(exception);
- return result;
- }
-}
diff --git
a/common/src/main/java/flex/messaging/config/ServicesDependencies.java
b/common/src/main/java/flex/messaging/config/ServicesDependencies.java
index 33d9808..6912e44 100644
--- a/common/src/main/java/flex/messaging/config/ServicesDependencies.java
+++ b/common/src/main/java/flex/messaging/config/ServicesDependencies.java
@@ -191,20 +191,6 @@ public class ServicesDependencies {
}
}
- // Try Sun JRE 1.4 / Apache Xalan Based Implementation
- if (parser == null) {
- try {
- Class.forName("org.apache.xpath.CachedXPathAPI");
- className =
"flex.messaging.config.ApacheXPathClientConfigurationParser";
- parserClass = Class.forName(className);
- parser = (ConfigurationParser) parserClass.newInstance();
- } catch (Throwable t) {
- if (traceConfig) {
- System.out.println("Could not load configuration parser
as: " + className);
- }
- }
- }
-
// Try Sun JRE 1.5 Based Implementation
if (parser == null) {
try {
diff --git
a/core/src/main/java/flex/messaging/config/ApacheXPathServerConfigurationParser.java
b/core/src/main/java/flex/messaging/config/ApacheXPathServerConfigurationParser.java
deleted file mode 100644
index 5150725..0000000
---
a/core/src/main/java/flex/messaging/config/ApacheXPathServerConfigurationParser.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package flex.messaging.config;
-
-import org.apache.xpath.CachedXPathAPI;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-import javax.xml.transform.TransformerException;
-
-/**
- * Uses Apache XPath on a DOM representation of a messaging configuration
- * file.
- * <p>
- * Note: Since reference ids are used between elements, certain
- * sections of the document need to be parsed first.
- * </p>
- */
-public class ApacheXPathServerConfigurationParser extends
ServerConfigurationParser {
- private CachedXPathAPI xpath;
-
- protected void initializeExpressionQuery() {
- this.xpath = new CachedXPathAPI();
- }
-
- protected Node selectSingleNode(Node source, String expression) {
- try {
- return xpath.selectSingleNode(source, expression);
- } catch (TransformerException transformerException) {
- throw wrapException(transformerException);
- }
- }
-
- protected NodeList selectNodeList(Node source, String expression) {
- try {
- return xpath.selectNodeList(source, expression);
- } catch (TransformerException transformerException) {
- throw wrapException(transformerException);
- }
- }
-
- protected Object evaluateExpression(Node source, String expression) {
- try {
- return xpath.eval(source, expression);
- } catch (TransformerException transformerException) {
- throw wrapException(transformerException);
- }
- }
-
- private ConfigurationException wrapException(TransformerException
exception) {
- ConfigurationException result = new ConfigurationException();
- result.setDetails(PARSER_INTERNAL_ERROR);
- result.setRootCause(exception);
- return result;
- }
-
-
-}
diff --git
a/core/src/main/java/flex/messaging/config/FlexConfigurationManager.java
b/core/src/main/java/flex/messaging/config/FlexConfigurationManager.java
index be1e769..fc69fbf 100644
--- a/core/src/main/java/flex/messaging/config/FlexConfigurationManager.java
+++ b/core/src/main/java/flex/messaging/config/FlexConfigurationManager.java
@@ -102,21 +102,6 @@ public class FlexConfigurationManager implements
ConfigurationManager {
}
}
- // Always try Sun JRE 1.4 / Apache Xalan Based Implementation first to
- // avoid performance problems with Sun JRE 1.5 Based Implementation
- if (parser == null) {
- try {
- ClassUtil.createClass("org.apache.xpath.CachedXPathAPI");
- className =
"flex.messaging.config.ApacheXPathServerConfigurationParser";
- parserClass = ClassUtil.createClass(className);
- parser = (ConfigurationParser) parserClass.newInstance();
- } catch (Throwable t) {
- if (Trace.config) {
- Trace.trace("Could not load configuration parser as: " +
className);
- }
- }
- }
-
// Try Sun JRE 1.5 Based Implementation
if (parser == null) {
try {
diff --git
a/core/src/test/java/flex/messaging/config/ConfigurationParserTest.java
b/core/src/test/java/flex/messaging/config/ConfigurationParserTest.java
index f2d07c9..26e6bbb 100644
--- a/core/src/test/java/flex/messaging/config/ConfigurationParserTest.java
+++ b/core/src/test/java/flex/messaging/config/ConfigurationParserTest.java
@@ -94,7 +94,7 @@ public class ConfigurationParserTest {
private void processRequest(String filename, String testName, String
resourcePath) throws IOException {
MessagingConfiguration config = new MessagingConfiguration();
- ConfigurationParser parser = new
ApacheXPathServerConfigurationParser();
+ ConfigurationParser parser = new XPathServerConfigurationParser();
try {
parser.parse(filename, new LocalFileResolver(), config);
diff --git a/core/src/test/java/flex/messaging/io/amf/MessageGenerator.java
b/core/src/test/java/flex/messaging/io/amf/MessageGenerator.java
index 21f0308..da1b0ae 100644
--- a/core/src/test/java/flex/messaging/io/amf/MessageGenerator.java
+++ b/core/src/test/java/flex/messaging/io/amf/MessageGenerator.java
@@ -18,7 +18,6 @@
package flex.messaging.io.amf;
import flex.messaging.io.SerializationContext;
-import org.apache.xpath.CachedXPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
@@ -28,6 +27,11 @@ import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
@@ -67,6 +71,8 @@ public class MessageGenerator extends Amf0Output {
Document doc = docBuilder.parse(file);
doc.getDocumentElement().normalize();
parseAmf(doc);
+ } catch(XPathExpressionException ex) {
+ throw new RuntimeException(ex);
} catch (TransformerException ex) {
throw new RuntimeException(ex);
} catch (SAXException ex) {
@@ -77,13 +83,13 @@ public class MessageGenerator extends Amf0Output {
}
- private void parseAmf(Document doc) throws TransformerException,
IOException {
- CachedXPathAPI xpath = new CachedXPathAPI();
- Node root = xpath.selectSingleNode(doc, "/amf-request");
+ private void parseAmf(Document doc) throws TransformerException,
IOException, XPathExpressionException {
+ XPath xpath = XPathFactory.newInstance().newXPath();
+ Node root = (Node) xpath.evaluate("/amf-request", doc,
XPathConstants.NODE);
if (root != null) {
// messages
- NodeList list = xpath.selectNodeList(root, "message");
+ NodeList list = (NodeList) xpath.evaluate("message", root,
XPathConstants.NODESET);
for (int i = 0; i < list.getLength(); i++) {
Node message = list.item(i);
message(xpath, message);
@@ -91,16 +97,16 @@ public class MessageGenerator extends Amf0Output {
}
}
- private void message(CachedXPathAPI xpath, Node message) throws
TransformerException, IOException {
- int version = (int) xpath.eval(message, "version").num();
+ private void message(XPath xpath, Node message) throws
TransformerException, IOException, XPathExpressionException {
+ int version = ((Double) xpath.evaluate("version", message,
XPathConstants.NUMBER)).intValue();
out.writeShort(version);
// Headers
- Node headers = xpath.selectSingleNode(message, "headers");
- int headerCount = (int) xpath.eval(headers, "@count").num();
+ Node headers = (Node) xpath.evaluate("headers", message,
XPathConstants.NODE);
+ int headerCount = ((Double) xpath.evaluate("@count", headers,
XPathConstants.NUMBER)).intValue();
out.writeShort(headerCount);
- NodeList list = xpath.selectNodeList(headers, "header");
+ NodeList list = (NodeList) xpath.evaluate("header", headers,
XPathConstants.NODESET);
for (int i = 0; i < headerCount; i++) {
Node header = list.item(i);
if (header != null) {
@@ -111,11 +117,11 @@ public class MessageGenerator extends Amf0Output {
}
// Bodies
- Node bodies = xpath.selectSingleNode(message, "bodies");
- int bodyCount = (int) xpath.eval(bodies, "@count").num();
+ Node bodies = (Node) xpath.evaluate("bodies", message,
XPathConstants.NODE);
+ int bodyCount = ((Double) xpath.evaluate("@count", bodies,
XPathConstants.NUMBER)).intValue();
out.writeShort(bodyCount);
- list = xpath.selectNodeList(bodies, "body");
+ list = (NodeList) xpath.evaluate("body", bodies,
XPathConstants.NODESET);
for (int i = 0; i < bodyCount; i++) {
Node body = list.item(i);
if (body != null) {
@@ -126,9 +132,9 @@ public class MessageGenerator extends Amf0Output {
}
}
- private void header(CachedXPathAPI xpath, Node header, int i) throws
TransformerException, IOException {
- String name = xpath.eval(header, "@name").toString();
- boolean mustUnderstand = xpath.eval(header, "@mustUnderstand").bool();
+ private void header(XPath xpath, Node header, int i) throws
TransformerException, IOException, XPathExpressionException {
+ String name = xpath.evaluate("@name", header);
+ boolean mustUnderstand = (Boolean) xpath.evaluate("@mustUnderstand",
header, XPathConstants.BOOLEAN);
if (isDebug)
trace.startHeader(name, mustUnderstand, i);
@@ -136,12 +142,12 @@ public class MessageGenerator extends Amf0Output {
out.writeUTF(name);
out.writeBoolean(mustUnderstand);
- //int length = (int)xpath.eval(body, "@length").num();
+ //int length = ((Double) xpath.evaluate("@length", body,
XPathConstants.NUMBER)).intValue();
out.writeInt(-1); //Specify unknown content length
reset();
- Node data = xpath.selectSingleNode(header, "*"); // Only one data item
can be sent as the body...
+ Node data = (Node) xpath.evaluate("*", header, XPathConstants.NODE);
// Only one data item can be sent as the body...
Object value = value(xpath, data);
writeObject(value);
@@ -149,9 +155,9 @@ public class MessageGenerator extends Amf0Output {
trace.endHeader();
}
- private void body(CachedXPathAPI xpath, Node body, int i) throws
TransformerException, IOException {
- String targetUri = xpath.eval(body, "@targetUri").toString();
- String responseUri = xpath.eval(body, "@responseUri").toString();
+ private void body(XPath xpath, Node body, int i) throws
TransformerException, IOException, XPathExpressionException {
+ String targetUri = xpath.evaluate("@targetUri", body);
+ String responseUri = xpath.evaluate("@responseUri", body);
if (isDebug)
trace.startMessage(targetUri, responseUri, i);
@@ -159,12 +165,12 @@ public class MessageGenerator extends Amf0Output {
out.writeUTF(targetUri);
out.writeUTF(responseUri);
- //int length = (int)xpath.eval(body, "@length").num();
+ //int length = ((Double) xpath.evaluate("@length", body,
XPathConstants.NUMBER)).intValue();
out.writeInt(-1); //Specify unknown content length
reset();
- Node data = xpath.selectSingleNode(body, "*"); // Only one data item
can be sent as the body...
+ Node data = (Node) xpath.evaluate("*", body, XPathConstants.NODE); //
Only one data item can be sent as the body...
Object value = value(xpath, data);
writeObject(value);
@@ -172,9 +178,9 @@ public class MessageGenerator extends Amf0Output {
trace.endMessage();
}
- private Object value(CachedXPathAPI xpath, Node node) throws
TransformerException, IOException {
+ private Object value(XPath xpath, Node node) throws TransformerException,
IOException, XPathExpressionException {
String type = node.getNodeName();
- String value = xpath.eval(node, ".").toString();
+ String value = xpath.evaluate(".", node);
if (value == null) {
return null;
@@ -192,9 +198,9 @@ public class MessageGenerator extends Amf0Output {
} else if ("array".equals(type)) {
List<Object> array = new ArrayList<Object>();
- int count = (int) xpath.eval(node, "@count").num();
+ int count = ((Double) xpath.evaluate("@count", node,
XPathConstants.NUMBER)).intValue();
- NodeList list = xpath.selectNodeList(node, "*");
+ NodeList list = (NodeList) xpath.evaluate("*", node,
XPathConstants.NODESET);
for (int i = 0; i < count; i++) {
Node item = list.item(i);
if (item != null) {
@@ -208,7 +214,7 @@ public class MessageGenerator extends Amf0Output {
} else if ("object".equals(type)) {
ASObject object = new ASObject();
- NodeList list = xpath.selectNodeList(node,
"*[not(self::property)]");
+ NodeList list = (NodeList)
xpath.evaluate("*[not(self::property)]", node, XPathConstants.NODESET);
List<Object> traitProperties = null;
@@ -217,9 +223,9 @@ public class MessageGenerator extends Amf0Output {
if (i == 0) {
Node traits = list.item(i);
- String className = xpath.eval(traits,
"@classname").toString().trim();
- int count = (int) xpath.eval(traits, "@count").num();
- // boolean dynamic = xpath.eval(traits,
"@dynamic").bool();
+ String className = xpath.evaluate("@classname",
traits).trim();
+ int count = ((Double) xpath.evaluate("@count", traits,
XPathConstants.NUMBER)).intValue();
+ // boolean dynamic = (Boolean)
xpath.evaluate("@dynamic", traits, XPathConstants.BOOLEAN);
traitProperties = new ArrayList<Object>(count);
@@ -227,11 +233,11 @@ public class MessageGenerator extends Amf0Output {
object.setType(className);
}
- NodeList propList = xpath.selectNodeList(traits,
"property");
+ NodeList propList = (NodeList)
xpath.evaluate("property", traits, XPathConstants.NODESET);
for (int p = 0; p < count; p++) {
Node prop = propList.item(p);
if (prop != null) {
- String propName = xpath.eval(prop,
"@name").toString().trim();
+ String propName = xpath.evaluate("@name",
prop).trim();
traitProperties.add(propName);
} else {
throw new RuntimeException("Missing trait
property(ies). Specified " + count + ", found " + (p - 1));
@@ -245,11 +251,11 @@ public class MessageGenerator extends Amf0Output {
}
// DYNAMIC PROPERTIES
- list = xpath.selectNodeList(node, "property");
+ list = (NodeList) xpath.evaluate("property", node,
XPathConstants.NODESET);
for (int i = 0; i < list.getLength(); i++) {
Node prop = list.item(i);
- String propName = xpath.eval(prop, "@name").toString();
- Node propValue = xpath.selectSingleNode(prop, "*");
+ String propName = xpath.evaluate("@name", prop);
+ Node propValue = (Node) xpath.evaluate("*", prop,
XPathConstants.NODE);
object.put(propName, value(xpath, propValue));
}
@@ -261,7 +267,7 @@ public class MessageGenerator extends Amf0Output {
} else {
if ("avmplus".equals(type)) {
setAvmPlus(true);
- Node data = xpath.selectSingleNode(node, "*"); // Only one
data item can be sent as the body...
+ Node data = (Node) xpath.evaluate("*", node,
XPathConstants.NODE); // Only one data item can be sent as the body...
return value(xpath, data);
} else if ("string".equals(type)) {
return value;
@@ -272,9 +278,9 @@ public class MessageGenerator extends Amf0Output {
} else if ("array".equals(type)) {
List<Object> array = new ArrayList<Object>();
- int count = (int) xpath.eval(node, "@count").num();
+ int count = ((Double) xpath.evaluate("@count", node,
XPathConstants.NUMBER)).intValue();
- NodeList list = xpath.selectNodeList(node, "*");
+ NodeList list = (NodeList) xpath.evaluate("*", node,
XPathConstants.NODESET);
for (int i = 0; i < count; i++) {
Node item = list.item(i);
if (item != null) {
@@ -287,16 +293,16 @@ public class MessageGenerator extends Amf0Output {
return array;
} else if ("object".equals(type)) {
ASObject object = new ASObject();
- String className = xpath.eval(node,
"@classname").toString().trim();
+ String className = xpath.evaluate("@classname", node).trim();
if (className.length() > 0) {
object.setType(className);
}
- NodeList list = xpath.selectNodeList(node, "property");
+ NodeList list = (NodeList) xpath.evaluate("property", node,
XPathConstants.NODESET);
for (int i = 0; i < list.getLength(); i++) {
Node prop = list.item(i);
- String propName = xpath.eval(prop,
"@name").toString().trim();
+ String propName = xpath.evaluate("@name", prop).trim();
object.put(propName, value(xpath, prop));
}
diff --git
a/core/src/test/java/flex/messaging/io/amfx/DeserializationConfirmation.java
b/core/src/test/java/flex/messaging/io/amfx/DeserializationConfirmation.java
index c5d244a..d3db63b 100644
--- a/core/src/test/java/flex/messaging/io/amfx/DeserializationConfirmation.java
+++ b/core/src/test/java/flex/messaging/io/amfx/DeserializationConfirmation.java
@@ -28,13 +28,17 @@ import java.util.IdentityHashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
import java.util.ArrayList;
import java.lang.reflect.Array;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-import org.apache.xpath.CachedXPathAPI;
/**
* Verifies that a deserialized ActionMessage
@@ -224,10 +228,10 @@ public abstract class DeserializationConfirmation {
boolean match = false;
try {
- CachedXPathAPI xpath1 = new CachedXPathAPI();
- CachedXPathAPI xpath2 = new CachedXPathAPI();
- Node root1 = xpath1.selectSingleNode(doc1, "/");
- Node root2 = xpath2.selectSingleNode(doc2, "/");
+ XPath xpath1 = XPathFactory.newInstance().newXPath();
+ XPath xpath2 = XPathFactory.newInstance().newXPath();
+ Node root1 = (Node) xpath1.evaluate("/", doc1,
XPathConstants.NODE);
+ Node root2 = (Node) xpath2.evaluate("/", doc2,
XPathConstants.NODE);
if (!nodesMatch(xpath1, root1, xpath2, root2)) {
return false;
@@ -242,20 +246,20 @@ public abstract class DeserializationConfirmation {
}
- protected boolean nodesMatch(CachedXPathAPI xpath1, Node node1,
CachedXPathAPI xpath2, Node node2) {
+ protected boolean nodesMatch(XPath xpath1, Node node1, XPath xpath2, Node
node2) {
boolean match = false;
try {
- NodeList list1 = xpath1.selectNodeList(node1, "*");
- NodeList list2 = xpath2.selectNodeList(node2, "*");
+ NodeList list1 = (NodeList) xpath1.evaluate("*", node1,
XPathConstants.NODESET);
+ NodeList list2 = (NodeList) xpath2.evaluate("*", node2,
XPathConstants.NODESET);
if (list1.getLength() == list2.getLength()) {
for (int i = 0; i < list1.getLength(); i++) {
Node n1 = list1.item(i);
Node n2 = list2.item(i);
- NodeList attributes1 = xpath1.selectNodeList(n1, "@*");
- NodeList attributes2 = xpath2.selectNodeList(n2, "@*");
+ NodeList attributes1 = (NodeList) xpath1.evaluate("@*",
n1, XPathConstants.NODESET);
+ NodeList attributes2 = (NodeList) xpath2.evaluate("@*",
n2, XPathConstants.NODESET);
if (!attributesMatch(attributes1, attributes2)) {
return false;
diff --git a/pom.xml b/pom.xml
index 57fdcce..788f605 100755
--- a/pom.xml
+++ b/pom.xml
@@ -322,12 +322,6 @@
<dependencyManagement>
<dependencies>
- <dependency>
- <groupId>xalan</groupId>
- <artifactId>xalan</artifactId>
- <version>2.7.2</version>
- </dependency>
-
<!-- TODO: This is the latest version of commons-httpclient,
however there are CVEs reported for this, the replacement is
org.apache.httpcomponents:httpclient however changing to this requires quite
some refactoring of the code -->
<dependency>
<groupId>commons-httpclient</groupId>
