On Thu, Jan 19, 2023 at 3:49 PM Gary Gregory <garydgreg...@gmail.com> wrote: > I'm worried these changes will just be overwritten when we publish the site > for the upcoming 2.7.3 version. The changes should be done to the site > sources in the git repo.
Ha, sorry, missed that somehow... I assume that'd be https://github.com/apache/xalan-site/pull/1 ? Kind regards, Arnout > On Thu, Jan 19, 2023, 04:27 Arnout Engelen <enge...@apache.org> wrote: >> >> Hello, >> >> It seems people occasionally don't realize they should expect to take >> some precautions before using Xalan on untrusted input. It might be >> good to make an explicit note about that on the website, something >> like the attached patch? >> >> Of course it would be even better if we could provide (or link to) >> in-depth instructions, but until we have something like that I think >> just highlighting the fact that this needs people's attention would be >> an improvement. >> >> The patch is against https://svn.apache.org/repos/asf/xalan/site/ . I >> also took the opportunity of updating some links to https. >> >> >> Kind regards, >> >> Arnout >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@xalan.apache.org >> For additional commands, e-mail: dev-h...@xalan.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@xalan.apache.org For additional commands, e-mail: dev-h...@xalan.apache.org
