Atul Parti <atulpa...@gmail.com> wrote on 01/29/2010 11:57:22 AM:

> Thanks for replying,
>
> But when I visit the site
> https://www.cert.fi/en/reports/2009/vulnerability2009085.html
>
> it shows that Apache Xerces Java, all versions has issued but does
> not specify which version has rectified.

I doubt whoever made this claim actually checked all versions. There are a lot of them in the field. The defect was in Xerces-J 2.x, possibly dating back to Xerces-J 2.0.0, but the class with the problem didn't exist in Xerces 1.4.x. The parser (1.x versions) had a completely different architecture before that and may never have had this issue.

> That is the major concern. Currently it seems that all Apache Xerces
> Java has XML Vulnerability issue.
> What's your call on this.
>
> Regards
> Atul Parti

Thanks.

Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org