Dear XALAN java project dev community, This is Venky from Broadcom Software Group writing about the recent vulnerability <https://nvd.nist.gov/vuln/detail/CVE-2022-34169> reported that might execute arbitrary Java bytecode while processing malicious XSLT stylesheets.
I understand that this project is dormant and being retired. Many projects, including OpenJDK, and XMLSec, uses XALAN binary. Do you anticipate providing a fix for this vulnerable binary? Or* if we provide the fix and test it, would you endorse it and make it available on the project website?* Kindly advise. -Venky Karukuri -- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
smime.p7s
Description: S/MIME Cryptographic Signature
