[jira] [Comment Edited] (XERCESJ-1783) Not having License.txt in xml-resolver-1.1.jar

Sat, 05 Jul 2025 05:24:05 -0700 


    [ 
https://issues.apache.org/jira/browse/XERCESJ-1783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17997765#comment-17997765
 ] 

Elliotte Rusty Harold edited comment on XERCESJ-1783 at 7/5/25 12:23 PM:
-------------------------------------------------------------------------

It looks like the Apache Xerces Project has not published a binary release for 
xml-resolver.

Possibly https://search.maven.org/artifact/xml-resolver/xml-resolver/1.2/jar 
comes from us, but I don't know. The source code is in svn: 

https://svn.apache.org/viewvc/xerces/xml-commons/trunk/java/src/org/apache/xml/resolver/

I do not see any instructions for releasing this project.



was (Author: elharo):
It looks like the Apache Xerces Project has not published a binary release for 
xml-resolver.

Possibly https://search.maven.org/artifact/xml-resolver/xml-resolver/1.2/jar 
comes from us, but I don't know. The source code is in svn: 

https://svn.apache.org/viewvc/xerces/xml-commons/trunk/java/src/org/apache/xml/resolver/




> Not having License.txt in xml-resolver-1.1.jar
> ----------------------------------------------
>
>                 Key: XERCESJ-1783
>                 URL: https://issues.apache.org/jira/browse/XERCESJ-1783
>             Project: Xerces2-J
>          Issue Type: Improvement
>          Components: Other
>            Reporter: VIVEK BIBHUTI
>            Priority: Minor
>
> Hi,
> We are using *xml-resolver-1.1.jar* in our project. 
> One of our customer has reported that this jar doesn't contains License.txt 
> file and raised as a critical vulnerability by their IQ scan (Sonatype).
> We explained that the MANIFEST.MF has a link to Apache site, where the 
> license is already available publicly.
> Two question
> 1. Why the License file is not added to the jar itself?
> 2. Could you please check if the License.txt can be added in the 
> xml-resolver-1.1.jar? 
> [https://github.com/apache/xerces-j/tree/xml-commons-resolver]
> [https://mvnrepository.com/artifact/xml-resolver/xml-resolver/1.1]
>  
> We have raised this query to LEGAL also they suggest us to raise another Jira 
> in XERCESJ project. Below is the reference
> https://issues.apache.org/jira/browse/LEGAL-705
>  
> Regards
> Vivek 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to