Hi Vladimir,

I think fixing the CVE that you're referring to is to support
Apache JMeter.

I'm personally fine with keeping the Java byte code level at 1.7 for the
next XalanJ release. We can't keep the byte code level lower than 1.7 for
XalanJ's next release, because otherwise XalanJ's next release can't
use the latest XercesJ (since its byte code is at level 1.7).

Since we earlier on this list (about two months ago) agreed to have
the byte code level at 1.8 for XalanJ's next release (it was Gary's
suggestion, and we agreed to that), I hope Gary or others on this
list shall not have objections to keeping the byte code level at 1.7 for
XalanJ's next release.

On Mon, Jul 25, 2022 at 3:29 PM Vladimir Sitnikov
<vladimirsitni...@apache.org> wrote:
>
> If we consider "fix CVE" release, then keeping 1.5 or 1.7 bytecode would
> make sense.
> Just in case: 1.8 would be fine for me, however, releasing the CVE fix
> with 1.5 bytecode would not be harder than 1.8, and it would help a
> broader set of users.


-- 
Regards,
Mukul Gandhi
