svn commit: r1842774 - in /xerces/java: branches/xml-schema-1.1-dev/docs/releases.xml trunk/docs/releases.xml

Wed, 03 Oct 2018 23:25:12 -0700 

Author: mukulg
Date: Thu Oct  4 06:13:25 2018
New Revision: 1842774

URL: http://svn.apache.org/viewvc?rev=1842774&view=rev
Log:
minor changes to release notes, for XercesJ2 2.12.0 release

Modified:
    xerces/java/branches/xml-schema-1.1-dev/docs/releases.xml
    xerces/java/trunk/docs/releases.xml

Modified: xerces/java/branches/xml-schema-1.1-dev/docs/releases.xml
URL: 
http://svn.apache.org/viewvc/xerces/java/branches/xml-schema-1.1-dev/docs/releases.xml?rev=1842774&r1=1842773&r2=1842774&view=diff
==============================================================================
--- xerces/java/branches/xml-schema-1.1-dev/docs/releases.xml (original)
+++ xerces/java/branches/xml-schema-1.1-dev/docs/releases.xml Thu Oct  4 
06:13:25 2018
@@ -65,6 +65,14 @@
        </fix>
        <fix>
        <note>
+               Fixed possible security issue: an implementation of the 
NamedNodeMapImpl class in the JAXP component did not 
+               limit the amount of memory allocated when creating object 
instance from a serialized form. A specially-crafted 
+               input could cause a java application to use an excessive amount 
of memory when deserialized.
+       </note>
+       <submitter name='David Dillard, Michael Glavassevich, Mukul Gandhi'/>
+       </fix>
+       <fix>
+       <note>
                Implemented minor and major fixes in certain areas, to XML 
Schema 1.0 and 1.1 implementations.
        </note>
        <submitter name='Michael Glavassevich, Khaled Noaman, Sandy Gao, Mukul 
Gandhi'/>

Modified: xerces/java/trunk/docs/releases.xml
URL: 
http://svn.apache.org/viewvc/xerces/java/trunk/docs/releases.xml?rev=1842774&r1=1842773&r2=1842774&view=diff
==============================================================================
--- xerces/java/trunk/docs/releases.xml (original)
+++ xerces/java/trunk/docs/releases.xml Thu Oct  4 06:13:25 2018
@@ -65,6 +65,14 @@
        </fix>
        <fix>
        <note>
+               Fixed possible security issue: an implementation of the 
NamedNodeMapImpl class in the JAXP component did not 
+               limit the amount of memory allocated when creating object 
instance from a serialized form. A specially-crafted 
+               input could cause a java application to use an excessive amount 
of memory when deserialized.
+       </note>
+       <submitter name='David Dillard, Michael Glavassevich, Mukul Gandhi'/>
+       </fix>
+       <fix>
+       <note>
                Implemented minor and major fixes in certain areas, to XML 
Schema 1.0 and 1.1 implementations.
        </note>
        <submitter name='Michael Glavassevich, Khaled Noaman, Sandy Gao, Mukul 
Gandhi'/>



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to