[
https://issues.apache.org/jira/browse/XALANJ-2637?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17601711#comment-17601711
]
Felix Knecht commented on XALANJ-2637:
--------------------------------------
I think this is about
[CVE-2022-34169|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34169]
[~vicfromhell] : Also see the dev discussion here:
[https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8]
[~ggregory] : It would be great to see a 2.7.2.1 with this fix included on
maven central. I also saw that OpenJDK seems to package a fixed version of
xalan so I would not need to package it myself? Is there a list of JDKs that
package xalan?
> Xalan 2.7.2 Vulnerability
> -------------------------
>
> Key: XALANJ-2637
> URL: https://issues.apache.org/jira/browse/XALANJ-2637
> Project: XalanJ2
> Issue Type: Bug
> Security Level: No security risk; visible to anyone(Ordinary problems in
> Xalan projects. Anybody can view the issue.)
> Components: Xalan
> Affects Versions: 2.7.2
> Reporter: vick
> Assignee: Gary D. Gregory
> Priority: Major
> Fix For: 2.7.2
>
>
> I need to remove the vulnerability detected for the Apache Xalan library,
> version 2.7.2, so the application will be free of this vulnerability
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@xalan.apache.org
For additional commands, e-mail: dev-h...@xalan.apache.org
