Nick Burch <> changed:

           What    |Removed                     |Added
             Status|NEW                         |NEEDINFO
                 OS|                            |All

--- Comment #1 from Nick Burch <> ---
The former we're unlikely to fix - Apache POI has multiple jars which make up
the project and allow you to exclude the parts of the project you don't want.
Because of design decisions taken by the Java 9 jigsaw team, our only fix is to
provide a single uber-jar with everything in. We're discussing that now, but
you could easily build your own if you wanted in the mean time

The latter I don't know how we can fix. For security reasons, we need to tell
the built-in Java XML parser to turn on non-default settings to increase the
parsing security. I don't believe that there's a public API for doing that,
only the private ones.

Are you able to find any Java 9 advice on how to turn on the XML security
features with the built-in xml parser using only public calls in Java 9?

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to