[
https://issues.apache.org/jira/browse/AXIS-2924?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940543#comment-16940543
]
Robert Lazarski commented on AXIS-2924:
---------------------------------------
The last official release was in 2006.
The challenges for another release include removing all the com.sun and
httpclient 3.x dependent code, and lack of volunteers who use this old code - I
myself do not though I help maintain it.
Until then we suggest compiling from source as this repo gets security patches
applied as we receive them.
http://svn.apache.org/repos/asf/webservices/axis/trunk/java axis-trunk
> CVE-2018-8032 XSS vulnerability
> -------------------------------
>
> Key: AXIS-2924
> URL: https://issues.apache.org/jira/browse/AXIS-2924
> Project: Axis
> Issue Type: Bug
> Reporter: Robert Lazarski
> Priority: Major
>
> I built the trunk and can confirm the fix. See below:
> r1831943 | veithen | 2018-05-20 14:10:32 -0600 (Sun, 20 May 2018) | 1 line
> Correctly escape namespace URIs in namespace declarations.
> Trunk link with maven builds:
> [https://travis-ci.org/apache/axis1-java]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
