Thanks for replying,

But when I visit the site
https://www.cert.fi/en/reports/2009/vulnerability2009085.html

it shows that Apache Xerces Java, all versions, has issues but does not
specify which version has rectified it.
That is the major concern. Currently it seems that all of Apache Xerces Java
has an XML vulnerability issue.
What's your call on this?

Regards
Atul Parti

On Fri, Jan 29, 2010 at 10:10 PM, Mukul Gandhi <[email protected]> wrote:

> I guess a vulnerability issue was reported by the community some time ago
> related to XML parsing.
>
> Here's some information about this:
> http://isc.sans.org/diary.html?storyid=6928
> http://svn.apache.org/viewvc?revision=781488&view=revision
>
> From these news items, it seems that Xerces-J was not affected by
> this. Rather, Xerces-C was affected, and a patch for this is available
> as reported at the above links.
>
> On Fri, Jan 29, 2010 at 10:03 PM, Michael Glavassevich
> <[email protected]> wrote:
> > Hi Atul,
> >
> > Xerces-J 1.4.3 is rather ancient. This release occurred before I arrived
> > here so couldn't tell you what issues it may have had. I wouldn't assume
> > the most recent report against Xerces 2.x would apply since 1.4.x is a
> > completely different codebase and may never have had that problem.
> >
> > Thanks.
> >
> > Michael Glavassevich
> > XML Parser Development
> > IBM Toronto Lab
> > E-mail: [email protected]
>
>
>
> --
> Regards,
> Mukul Gandhi