Thanks for pointing out that theproblem has been resolve in Xerces2-J in 2.10.0.
Is Xerces 2.x is backward compatible. Means we currently have Apache Xerces Java 1.4.3. So can the fix version will work directly for us or do we need to update the code to support the newer version API calls. With Regards Atul Parti On Fri, Jan 29, 2010 at 10:39 PM, Mukul Gandhi <muk...@apache.org> wrote: > It seems a fix for this was done in Xerces-J as specified in this JIRA > issue: > https://issues.apache.org/jira/browse/XERCESJ-1412 > > The current SVN code has this fix, and Xerces-J 2.10.0 should have > this improvement. > > On Fri, Jan 29, 2010 at 10:27 PM, Atul Parti <atulpa...@gmail.com> wrote: > > Thanks for replying, > > > > But when i visit the site > > https://www.cert.fi/en/reports/2009/vulnerability2009085.html > > > > it shows that Apache Xerces Java, all versions has issued but does not > > specify the which version has recyified. > > That is the major concern. Currently it seems that all Apache Xerces Java > > has xml Vulnerability issue. > > Whats your call on this. > > > > Regards > > Atul Parti > > > > -- > Regards, > Mukul Gandhi > > --------------------------------------------------------------------- > To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org > For additional commands, e-mail: j-users-h...@xerces.apache.org > >
