[jira] [Commented] (TIKA-4135) Remove xerces from Tika 3.x/main branch?

Tim Allison (Jira) Fri, 29 Sep 2023 11:33:03 -0700


    [ 
https://issues.apache.org/jira/browse/TIKA-4135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17770560#comment-17770560
 ]


Tim Allison commented on TIKA-4135:
-----------------------------------

We might have to set it programmatically?  Yuck: 
https://docs.oracle.com/en/java/javase/21/docs/api/java.xml/org/xml/sax/Parser.html

> Remove xerces from Tika 3.x/main branch?
> ----------------------------------------
>
>                 Key: TIKA-4135
>                 URL: https://issues.apache.org/jira/browse/TIKA-4135
>             Project: Tika
>          Issue Type: Wish
>            Reporter: Tim Allison
>            Priority: Major
>
> We've gotten requests over the years to get rid of xerces.  Should we do that 
> in 3.x/main?
> The one nice thing about including it is that it offers some consistency 
> across java versions and platforms.  This can help with securing the parsers 
> (against xxe, etc).  This can also make debugging easier.
> However, as people have pointed out, the xerces project appears to be in 
> security-fix-only mode.
> WDYT?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (TIKA-4135) Remove xerces from Tika 3.x/main branch?

Reply via email to