Hi, We're planning on having a release (Xerces-J 2.10.0) at the end of the week. The patch can be easily applied to earlier releases (for those who need that).
Thanks. Michael Glavassevich XML Parser Development IBM Toronto Lab E-mail: [email protected] E-mail: [email protected] Pankaj Jairath <[email protected]> wrote on 12/14/2009 03:51:19 AM: > I am following up on this issue reported at - > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2625. I see the > following check-in trunk for XMLScanner.java : > > http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/ > xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353 > > which apparently fixes the issue. > > Question : Can we have a newer drop of Xerces2 which shall include this > critical fix ?, the last one is tagged as 2.9.1, which was made > available 2 years ago. > > Thanks, > -/Pankaj > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected]
