[jira] [Comment Edited] (XALANJ-2649) Xalan 2.7.3 is missing dependencies (Regression from 2.7.2)

Tue, 06 Jun 2023 13:31:07 -0700 


    [ 
https://issues.apache.org/jira/browse/XALANJ-2649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17729837#comment-17729837
 ] 

Jean Bottein edited comment on XALANJ-2649 at 6/6/23 8:30 PM:
--------------------------------------------------------------

Noted, we'll establish our strategy based on that.
FYI, some security tools start to urge compagnies to use the 2.7.3 because of 
the [CVE-2022-34169|https://nvd.nist.gov/vuln/detail/CVE-2022-34169]
I've notified the CVE program about this bug to hopefully include a note for 
the workaround directly in the CVE documentation.


was (Author: JIRAUSER300698):
Noted, we'll established our strategy based on that.
FYI, some security tools start to urge compagnies to use the 2.7.3 because of 
the [CVE-2022-34169|https://nvd.nist.gov/vuln/detail/CVE-2022-34169]
I've notified the CVE program about this bug to hopefully include a note for 
the workaround directly in the CVE documentation.

> Xalan 2.7.3 is missing dependencies (Regression from 2.7.2)
> -----------------------------------------------------------
>
>                 Key: XALANJ-2649
>                 URL: https://issues.apache.org/jira/browse/XALANJ-2649
>             Project: XalanJ2
>          Issue Type: Bug
>      Security Level: No security risk; visible to anyone(Ordinary problems in 
> Xalan projects.  Anybody can view the issue.) 
>          Components: Build, Xalan
>    Affects Versions: 2.7.3
>            Reporter: mt
>            Priority: Major
>         Attachments: serializer-2.7.3.pom, xalan-2.7.3.pom
>
>
> After upgrading from 2.7.2 to 2.7.3 via maven central, we get the following 
> runtime error.
> It seems like 2.7.3 is missing the dependencies to serializer and xercesImpl 
> . After manually adding a dependency to serializer:2.7.3 , the issue is fixed.
> This can also be seen in Maven Central:
> [Maven Central: xalan:xalan:2.7.2 
> (sonatype.com)|https://central.sonatype.com/artifact/xalan/xalan/2.7.2/dependencies]
>  -> has dependencies on serializer and xercesImpl
> [Maven Central: xalan:xalan:2.7.3 
> (sonatype.com)|https://central.sonatype.com/artifact/xalan/xalan/2.7.3/dependencies]
>  -> no dependencies
>  
> {code:java}
>     java.lang.NoClassDefFoundError: org/apache/xml/serializer/SerializerTrace
>         at java.base/java.lang.ClassLoader.defineClass1(Native Method)
>         at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1012)
>         at 
> java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:150)
>         at 
> java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:862)
>         at 
> java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:760)
>         at 
> java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:681)
>         at 
> java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:639)
>         at 
> java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
>         at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
>         at 
> org.apache.xalan.processor.ProcessorStylesheetElement.getStylesheetRoot(ProcessorStylesheetElement.java:123)
>         at 
> org.apache.xalan.processor.ProcessorStylesheetElement.startElement(ProcessorStylesheetElement.java:74)
>         at 
> org.apache.xalan.processor.StylesheetHandler.startElement(StylesheetHandler.java:623)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:518)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:374)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook(XMLNSDocumentScannerImpl.java:613)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:3079)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:836)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:112)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1224)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:637)
>         at 
> org.apache.xalan.processor.TransformerFactoryImpl.newTemplates(TransformerFactoryImpl.java:917)
>         at 
> org.apache.xalan.processor.TransformerFactoryImpl.newTransformer(TransformerFactoryImpl.java:771)
> {code}
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@xalan.apache.org
For additional commands, e-mail: dev-h...@xalan.apache.org

Reply via email to