[
https://issues.apache.org/jira/browse/SLING-10953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17471865#comment-17471865
]
Konrad Windszus commented on SLING-10953:
-----------------------------------------
Why no using Xalan-Java 2.7.2 directly (instead of relying what is shipped with
the JRE)?
Should be possible by explicitly configure this with System property
{{javax.xml.transform.TransformerFactory}} and hopefully is not too hard to
wrap as OSGi bundle.
> Update dependency Antisamy version from 1.5.10 to 1.6.4
> -------------------------------------------------------
>
> Key: SLING-10953
> URL: https://issues.apache.org/jira/browse/SLING-10953
> Project: Sling
> Issue Type: Improvement
> Reporter: Tatyana Vogel
> Priority: Major
> Fix For: XSS Protection API 2.2.18
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The latest version of AntiSamy is 1.6.4, see
> https://search.maven.org/search?q=g:org.owasp.antisamy%20AND%20a:antisamy .
> We should upgrade to that version, since we embed the AntiSamy bundle and
> there is no other way for consumers of the bundle to upgrade.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
