On Thu, Mar 27, 2014 at 2:41 PM, USHAKOV, Sergey <[email protected]>wrote:
> Thank you Gary, that's fair enough. > YW. Welcome to the mailing list (aka the ML). > > Just in case, could you kindly describe in few words the current Xalan-J > development process? > You can start with https://xml.apache.org/xalan-j/charter.html and https://www.apache.org/foundation/getinvolved.html Keep in mind that we are volunteers working for a non-profit organization :) > What is the trunk that you mention? > You need to learn about version control and Apache Subversion then ;) As it relates to Xalan, start here https://xml.apache.org/xalan-j/downloads.html#buildmyself > Is the development process related, and how, to > OpenJDK/Java.Net/Oracle/other procedures? > You'll have to contrast and compare that for yourself. > How is the new release planning organized? > On an as need be basis, normally by discussions on the development mailing list. > Who belongs to the committers team? > https://people.apache.org/committers-by-project.html#xalan > How can minor contributors like me facilitate the progress? :) > https://www.apache.org/foundation/getinvolved.html Gary > > Thanks and best regards, > Sergey > > > On 27.03.14 09:08, Gary Gregory wrote: > > If things go well with 2.7.2 and I've not broken anything compared to > 2.7.1, then we can start more release trains. > > I do not intend to re-roll another RC to add more patches, only to fix > regressions or something obviously wrong. > > The next step beyong 2.7.2 would be to find out what is the difference > between 2.7.2 and trunk so that the recent 2.7.2 changes can be merged back > into trunk and normal development can continue on trunk. It would be great > to stabilize and clean up trunk to figure out why the JRE has to be bumped > up so much just to get it to build and run tests. I do not know yet if that > was on purpose or inadvertent. > > Gary > > > > > On Thu, Mar 27, 2014 at 12:34 AM, USHAKOV, Sergey > <[email protected]>wrote: > >> Hi, and sorry if breaking in at wrong moment with wrong topic. >> >> And it is great to see life is coming back here to XALAN-J too :) >> >> Not sure it might be a good idea to interrupt the process of the new >> release being issued, but I would like to draw the committers' attention to >> the XALANJ-2544 <https://issues.apache.org/jira/browse/XALANJ-2544>issue. >> This issue is about entity resolving being not available for XSLT >> (transform template) file, while being normally available for source XML >> file. A patch is available, so it would be great to have this patch >> reviewed and merged if possible, be it with this release or with the the >> next one... >> >> And I am always here to provide comments and feedback if necessary... >> >> Regards, >> Sergey Ushakov >> >> >> >> On 26.03.14 22:59, Gary Gregory wrote: >> >> Hello All: >> >> This is a VOTE to release Apache Xalan-J 2.7.2-RC1 as 2.7.2 >> >> This is a bug fix release. As before, Xalan-J requires a minimum of Java >> 1.3. >> >> The Apache Xalan-J team is pleased to announce the Apache Xalan-J 2.7.2 >> release! >> >> Xalan-Java fully implements XSL Transformations (XSLT) Version 1.0 and >> the XML Path Language (XPath) Version 1.0. >> >> Changes in this version include: >> >> Fixed Bugs: >> >> - Fix for CVE-2014-0107 insufficient secure processing >> >> When using FEATURE_SECURE_PROCESSING (" >> http://javax.xml.XMLConstants/feature/secure-processing";) on a >> TransformerFactory, the output properties: >> >> {http://xml.apache.org/xalan}content-handler >> {http://xml.apache.org/xalan}entities >> {http://xml.apache.org/xslt}content-handler >> {http://xml.apache.org/xslt}entities >> >> should be ignored (see >> http://xml.apache.org/xalan-j/usagepatterns.html#outputprops) >> >> These properties can be used to load an arbitrary class or access an >> arbitrary URL/resource so are problematic when secure processing is desired. >> >> <xsl:output xalan:content-handler="org.example.BadClass" ... >> >> <xsl:output xalan:entities="http://example.org/reallyLargeFile.bin"; ... >> >> These features could be used to load a class that had undesirable >> side-effects or to load a large file and exhaust memory, etc. >> >> See XALANJ-2435. >> >> - Upgrade to Xerces-J 2.11.0 and XML Commons External 1.4.01 >> >> The distributions contain upgraded versions of xercesImpl.jar (Xerces-J >> 2.11.0) and xml-apis.jar (XML Commons External 1.4.01). >> >> >> - XALANJ Jira bug fixes >> >> XALANJ Jira bug fixes: 2435, 2580, 2546, 2581, 2582, 2583, 2473, 2495, >> 2493, 2424, 2446, 2447 >> >> You can also view the list in Jira: >> https://issues.apache.org/jira/browse/XALANJ-2424?jql=project%20%3D%20XALANJ%20AND%20fixVersion%20%3D%202.7.2%20ORDER%20BY%20due%20ASC%2C%20priority%20DESC%2C%20created%20ASC >> >> This VOTE is open for at least 72 hours until March 29 2014 at 15:00 PM >> EST. >> >> The files: >> >> https://people.apache.org/~ggregory/xalan/2.7.1-rc1/dist/ >> >> The tags: >> >> https://svn.apache.org/repos/asf/xalan/java/tags/xalan-j_2_7_2-rc1 >> https://svn.apache.org/repos/asf/xalan/test/tags/xalan-j_2_7_2-rc1 >> >> The docs: >> >> https://people.apache.org/~ggregory/xalan/2.7.1-rc1/site/ >> >> Thank you, >> Gary Gregory >> >> -- >> E-Mail: [email protected] | [email protected] >> Java Persistence with Hibernate, Second >> Edition<http://www.manning.com/bauer3/> >> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> >> Spring Batch in Action <http://www.manning.com/templier/> >> Blog: http://garygregory.wordpress.com >> Home: http://garygregory.com/ >> Tweet! http://twitter.com/GaryGregory >> >> >> > > > -- > E-Mail: [email protected] | [email protected] > Java Persistence with Hibernate, Second > Edition<http://www.manning.com/bauer3/> > JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> > Spring Batch in Action <http://www.manning.com/templier/> > Blog: http://garygregory.wordpress.com > Home: http://garygregory.com/ > Tweet! http://twitter.com/GaryGregory > > > -- E-Mail: [email protected] | [email protected] Java Persistence with Hibernate, Second Edition<http://www.manning.com/bauer3/> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> Spring Batch in Action <http://www.manning.com/templier/> Blog: http://garygregory.wordpress.com Home: http://garygregory.com/ Tweet! http://twitter.com/GaryGregory
