[
https://issues.apache.org/jira/browse/TIKA-4135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17770557#comment-17770557
]
Tim Allison commented on TIKA-4135:
-----------------------------------
Interesting. I guess we'll have to turn off the check for message contents. I
guess xerces didn't use any internationalization, but modern versions of Java's
xml parser do?
> Remove xerces from Tika 3.x/main branch?
> ----------------------------------------
>
> Key: TIKA-4135
> URL: https://issues.apache.org/jira/browse/TIKA-4135
> Project: Tika
> Issue Type: Wish
> Reporter: Tim Allison
> Priority: Major
>
> We've gotten requests over the years to get rid of xerces. Should we do that
> in 3.x/main?
> The one nice thing about including it is that it offers some consistency
> across java versions and platforms. This can help with securing the parsers
> (against xxe, etc). This can also make debugging easier.
> However, as people have pointed out, the xerces project appears to be in
> security-fix-only mode.
> WDYT?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
