Hi Mukul, Thank you for the confirmation. Can you tell me what is the change made for it to remove the vulnerability?
Thanks and Regards, Srujith On Fri, Apr 7, 2023 at 12:46 PM SRUJITH PULIPAKA <srujit...@gmail.com> wrote: > > Forwarded Conversation > Subject: Confirmation regarding a Vulnerability. > ------------------------ > > From: SRUJITH PULIPAKA <srujit...@gmail.com> > Date: Fri, Apr 7, 2023 at 10:48 AM > To: <j-users@xalan.apache.org> > > > Hi All, > I see that Xalan 2.7.3 is released as mentioned in the > https://xalan.apache.org/ > I need confirmation whether CVE-2022-34169 is solved by this update or not, > so that we can upgrade to this version. > > Thanks and Regards, > Srujith > > > ---------- > From: Mukul Gandhi <muk...@apache.org> > Date: Fri, Apr 7, 2023 at 11:56 AM > To: SRUJITH PULIPAKA <srujit...@gmail.com> > Cc: <j-users@xalan.apache.org> > > > Hi Srujith, > > On Fri, Apr 7, 2023 at 11:33 AM SRUJITH PULIPAKA <srujit...@gmail.com> > wrote: > > > I see that Xalan 2.7.3 is released as mentioned in the > https://xalan.apache.org/ > > I need confirmation whether CVE-2022-34169 is solved by this update or > not > > Yes, I can confirm that, XalanJ 2.7.3 solves the bug illustrated by > CVE-2022-34169. The fix for this bug, may also be tested by one of the > XalanJ tests available at > https://github.com/apache/xalan-test/tree/master/tests/2.7.3_release. > > > -- > Regards, > Mukul Gandhi > > >
