Hi all,
We've published the new RC for XalanJ 2.7.3 release (located at
https://dist.apache.org/repos/dist/dev/xalan/j/2.7.3/RC4/). This RC,
includes the latest version of commons BCEL library (v 6.6.0).
The necessary XalanJ build tests pass, with this RC.
Details of changes since XalanJ version 2.7.2 are mentioned within the
release notes (that can be seen, within the documentation in the
archives xalan-j_2_7_3-bin.zip & xalan-j_2_7_3-bin.tar.gz).
The latest KEYS file is located at:
https://github.com/apache/xalan-java/blob/xalan-j_2_7_1_maint/KEYS
Please review this release candidate and vote.
[ ] +1 Release these artifacts
[ ] +0 OK, but...
[ ] -0 OK, but really should fix...
[ ] -1 I oppose this release because...
Great work everyone. Here's my +1 for this RC.
On Tue, Oct 4, 2022 at 8:38 PM Mukul Gandhi <muk...@apache.org> wrote:
>
> Hi Gary,
> That should be great.
>
> Currently, the XalanJ 2.7.3 RC3 removes the commons BCEL jar that was
> bundled with XalanJ previously. Instead, XalanJ 2.7.3 RC3 bundles the
> source code of commons BCEL (v 6.5.0) within it along with a fix of
> CVE-2022-34169 for BCEL.
>
> If you could, help produce a new version of commons BCEL with the fix
> for CVE-2022-34169, then we could include the new commons BCEL jar
> within XalanJ 2.7.3 instead of the current way of including commons
> BCEL within XalanJ 2.7.3 RC3.
>
> We shall wait for, a new commons BCEL release with the fix, which we
> can include within XalanJ 2.7.3's new RC.
>
> On Tue, Oct 4, 2022 at 2:58 PM Gary Gregory <garydgreg...@gmail.com> wrote:
> >
> > Note that I plan creating a release candidate for Commons BCEL this week.
> >
> > Gary
--
Regards,
Mukul Gandhi
