[
https://issues.apache.org/jira/browse/TIKA-2466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16166949#comment-16166949
]
Nick Burch commented on TIKA-2466:
----------------------------------
If we're going to use {{DocumentBuilderFactory}}, then we need to make sure
we're using a safe / locked down version, which the default isn't always.
We have logic for building a "safe" one in
{{org.apache.tika.parser.ParseContext}}. Not sure if we should call out to
that, or move it to a utils method for both to use. Any thoughts
[~talli...@mitre.org], as the person who added that code?
Possibly ditto {{TransformerFactory}}
> Remove JAXB usage
> -----------------
>
> Key: TIKA-2466
> URL: https://issues.apache.org/jira/browse/TIKA-2466
> Project: Tika
> Issue Type: Improvement
> Components: config
> Affects Versions: 1.14, 1.15, 1.16
> Reporter: Robert Munteanu
> Attachments: 0001-TIKA-2466-Remove-JAXB-usage.patch
>
>
> Starting with Java 9 the {{javax.xml.bind}} classes are now part of the
> {{java.se.ee}} module which is not enabled by default. To simplify the Java 9
> integration ( no --add-modules CLI switch, no explicity Java 9 module ) I
> propose we simply replace JAXB with something else.
> See
> https://lists.apache.org/thread.html/72342314e709417bcb777fd3511b700dee443a3a658b730e52f99e38@%3Cuser.tika.apache.org%3E
> for more context
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
