Hi Atul, Xerces-J 1.4.3 is rather ancient. This release occurred before I arrived here so couldn't tell you what issues it may have had. I wouldn't assume the most recent report against Xerces 2.x would apply since 1.4.x is a completely different codebase and may never have had that problem.
Thanks. Michael Glavassevich XML Parser Development IBM Toronto Lab E-mail: mrgla...@ca.ibm.com E-mail: mrgla...@apache.org Atul Parti <atulpa...@gmail.com> wrote on 01/29/2010 10:39:31 AM: > I am looking for an information. > > I am looking for removing security vulnerabilities that may be > associated with XML parsers. > Which version of Apache Xerces Java has rectified the xml > Vulnerability(if any). > Currently we are using Apache Xerces Java 1.4.3. > > I went through different sites but could not find a single > reference, where it is mention that Apache Xerces Java has rectified > the xml vulnerability issue. > In case any one help me or confirm me that my understanding is correct. > > With Regards > Atul
