PJ Fanning created CAMEL-18346:
----------------------------------
Summary: Remove use of Xalan
Key: CAMEL-18346
URL: https://issues.apache.org/jira/browse/CAMEL-18346
Project: Camel
Issue Type: Improvement
Reporter: PJ Fanning
Xalan-J has an unfixed CVE. It is possible that this will be fixed in the
future but Xalan-J has had only one release since 2008 (in 2014).
https://www.cvedetails.com/cve/CVE-2022-34169/
Java has built-in support for TransformerFactory and XPathFactory. This means
most apps that use Xalan-J can readily switch away. Saxon-HE is another well
maintained alternative.
One place where Camel still uses Xalan:
https://github.com/apache/camel/blob/main/core/camel-core-engine/pom.xml#L325
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
