If things go well with 2.7.2 and I've not broken anything compared to 2.7.1, then we can start more release trains.
I do not intend to re-roll another RC to add more patches, only to fix regressions or something obviously wrong. The next step beyong 2.7.2 would be to find out what is the difference between 2.7.2 and trunk so that the recent 2.7.2 changes can be merged back into trunk and normal development can continue on trunk. It would be great to stabilize and clean up trunk to figure out why the JRE has to be bumped up so much just to get it to build and run tests. I do not know yet if that was on purpose or inadvertent. Gary On Thu, Mar 27, 2014 at 12:34 AM, USHAKOV, Sergey <[email protected]>wrote: > Hi, and sorry if breaking in at wrong moment with wrong topic. > > And it is great to see life is coming back here to XALAN-J too :) > > Not sure it might be a good idea to interrupt the process of the new > release being issued, but I would like to draw the committers' attention to > the XALANJ-2544 <https://issues.apache.org/jira/browse/XALANJ-2544>issue. > This issue is about entity resolving being not available for XSLT > (transform template) file, while being normally available for source XML > file. A patch is available, so it would be great to have this patch > reviewed and merged if possible, be it with this release or with the the > next one... > > And I am always here to provide comments and feedback if necessary... > > Regards, > Sergey Ushakov > > > > On 26.03.14 22:59, Gary Gregory wrote: > > Hello All: > > This is a VOTE to release Apache Xalan-J 2.7.2-RC1 as 2.7.2 > > This is a bug fix release. As before, Xalan-J requires a minimum of Java > 1.3. > > The Apache Xalan-J team is pleased to announce the Apache Xalan-J 2.7.2 > release! > > Xalan-Java fully implements XSL Transformations (XSLT) Version 1.0 and the > XML Path Language (XPath) Version 1.0. > > Changes in this version include: > > Fixed Bugs: > > - Fix for CVE-2014-0107 insufficient secure processing > > When using FEATURE_SECURE_PROCESSING (" > http://javax.xml.XMLConstants/feature/secure-processing";) on a > TransformerFactory, the output properties: > > {http://xml.apache.org/xalan}content-handler > {http://xml.apache.org/xalan}entities > {http://xml.apache.org/xslt}content-handler > {http://xml.apache.org/xslt}entities > > should be ignored (see > http://xml.apache.org/xalan-j/usagepatterns.html#outputprops) > > These properties can be used to load an arbitrary class or access an > arbitrary URL/resource so are problematic when secure processing is desired. > > <xsl:output xalan:content-handler="org.example.BadClass" ... > > <xsl:output xalan:entities="http://example.org/reallyLargeFile.bin"; ... > > These features could be used to load a class that had undesirable > side-effects or to load a large file and exhaust memory, etc. > > See XALANJ-2435. > > - Upgrade to Xerces-J 2.11.0 and XML Commons External 1.4.01 > > The distributions contain upgraded versions of xercesImpl.jar (Xerces-J > 2.11.0) and xml-apis.jar (XML Commons External 1.4.01). > > > - XALANJ Jira bug fixes > > XALANJ Jira bug fixes: 2435, 2580, 2546, 2581, 2582, 2583, 2473, 2495, > 2493, 2424, 2446, 2447 > > You can also view the list in Jira: > https://issues.apache.org/jira/browse/XALANJ-2424?jql=project%20%3D%20XALANJ%20AND%20fixVersion%20%3D%202.7.2%20ORDER%20BY%20due%20ASC%2C%20priority%20DESC%2C%20created%20ASC > > This VOTE is open for at least 72 hours until March 29 2014 at 15:00 PM > EST. > > The files: > > https://people.apache.org/~ggregory/xalan/2.7.1-rc1/dist/ > > The tags: > > https://svn.apache.org/repos/asf/xalan/java/tags/xalan-j_2_7_2-rc1 > https://svn.apache.org/repos/asf/xalan/test/tags/xalan-j_2_7_2-rc1 > > The docs: > > https://people.apache.org/~ggregory/xalan/2.7.1-rc1/site/ > > Thank you, > Gary Gregory > > -- > E-Mail: [email protected] | [email protected] > Java Persistence with Hibernate, Second > Edition<http://www.manning.com/bauer3/> > JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> > Spring Batch in Action <http://www.manning.com/templier/> > Blog: http://garygregory.wordpress.com > Home: http://garygregory.com/ > Tweet! http://twitter.com/GaryGregory > > > -- E-Mail: [email protected] | [email protected] Java Persistence with Hibernate, Second Edition<http://www.manning.com/bauer3/> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> Spring Batch in Action <http://www.manning.com/templier/> Blog: http://garygregory.wordpress.com Home: http://garygregory.com/ Tweet! http://twitter.com/GaryGregory
