[jira] [Comment Edited] (XALANJ-2649) Xalan 2.7.3 is missing dependencies (Regression from 2.7.2)
[ https://issues.apache.org/jira/browse/XALANJ-2649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17729837#comment-17729837 ] Jean Bottein edited comment on XALANJ-2649 at 6/6/23 8:30 PM: -- Noted, we will establish our strategy based on that. FYI, some security tools start to urge compagnies to use the 2.7.3 because of the [CVE-2022-34169|https://nvd.nist.gov/vuln/detail/CVE-2022-34169] I've notified the CVE program about this bug to hopefully include a note for the workaround directly in the CVE documentation. was (Author: JIRAUSER300698): Noted, we'll establish our strategy based on that. FYI, some security tools start to urge compagnies to use the 2.7.3 because of the [CVE-2022-34169|https://nvd.nist.gov/vuln/detail/CVE-2022-34169] I've notified the CVE program about this bug to hopefully include a note for the workaround directly in the CVE documentation. > Xalan 2.7.3 is missing dependencies (Regression from 2.7.2) > --- > > Key: XALANJ-2649 > URL: https://issues.apache.org/jira/browse/XALANJ-2649 > Project: XalanJ2 > Issue Type: Bug > Security Level: No security risk; visible to anyone(Ordinary problems in > Xalan projects. Anybody can view the issue.) > Components: Build, Xalan >Affects Versions: 2.7.3 >Reporter: mt >Priority: Major > Attachments: serializer-2.7.3.pom, xalan-2.7.3.pom > > > After upgrading from 2.7.2 to 2.7.3 via maven central, we get the following > runtime error. > It seems like 2.7.3 is missing the dependencies to serializer and xercesImpl > . After manually adding a dependency to serializer:2.7.3 , the issue is fixed. > This can also be seen in Maven Central: > [Maven Central: xalan:xalan:2.7.2 > (sonatype.com)|https://central.sonatype.com/artifact/xalan/xalan/2.7.2/dependencies] > -> has dependencies on serializer and xercesImpl > [Maven Central: xalan:xalan:2.7.3 > (sonatype.com)|https://central.sonatype.com/artifact/xalan/xalan/2.7.3/dependencies] > -> no dependencies > > {code:java} > java.lang.NoClassDefFoundError: org/apache/xml/serializer/SerializerTrace > at java.base/java.lang.ClassLoader.defineClass1(Native Method) > at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1012) > at > java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:150) > at > java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:862) > at > java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:760) > at > java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:681) > at > java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:639) > at > java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188) > at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520) > at > org.apache.xalan.processor.ProcessorStylesheetElement.getStylesheetRoot(ProcessorStylesheetElement.java:123) > at > org.apache.xalan.processor.ProcessorStylesheetElement.startElement(ProcessorStylesheetElement.java:74) > at > org.apache.xalan.processor.StylesheetHandler.startElement(StylesheetHandler.java:623) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:518) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:374) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook(XMLNSDocumentScannerImpl.java:613) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:3079) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:836) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:112) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825) > at >
[jira] [Comment Edited] (XALANJ-2649) Xalan 2.7.3 is missing dependencies (Regression from 2.7.2)
[ https://issues.apache.org/jira/browse/XALANJ-2649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17729837#comment-17729837 ] Jean Bottein edited comment on XALANJ-2649 at 6/6/23 8:30 PM: -- Noted, we'll establish our strategy based on that. FYI, some security tools start to urge compagnies to use the 2.7.3 because of the [CVE-2022-34169|https://nvd.nist.gov/vuln/detail/CVE-2022-34169] I've notified the CVE program about this bug to hopefully include a note for the workaround directly in the CVE documentation. was (Author: JIRAUSER300698): Noted, we'll established our strategy based on that. FYI, some security tools start to urge compagnies to use the 2.7.3 because of the [CVE-2022-34169|https://nvd.nist.gov/vuln/detail/CVE-2022-34169] I've notified the CVE program about this bug to hopefully include a note for the workaround directly in the CVE documentation. > Xalan 2.7.3 is missing dependencies (Regression from 2.7.2) > --- > > Key: XALANJ-2649 > URL: https://issues.apache.org/jira/browse/XALANJ-2649 > Project: XalanJ2 > Issue Type: Bug > Security Level: No security risk; visible to anyone(Ordinary problems in > Xalan projects. Anybody can view the issue.) > Components: Build, Xalan >Affects Versions: 2.7.3 >Reporter: mt >Priority: Major > Attachments: serializer-2.7.3.pom, xalan-2.7.3.pom > > > After upgrading from 2.7.2 to 2.7.3 via maven central, we get the following > runtime error. > It seems like 2.7.3 is missing the dependencies to serializer and xercesImpl > . After manually adding a dependency to serializer:2.7.3 , the issue is fixed. > This can also be seen in Maven Central: > [Maven Central: xalan:xalan:2.7.2 > (sonatype.com)|https://central.sonatype.com/artifact/xalan/xalan/2.7.2/dependencies] > -> has dependencies on serializer and xercesImpl > [Maven Central: xalan:xalan:2.7.3 > (sonatype.com)|https://central.sonatype.com/artifact/xalan/xalan/2.7.3/dependencies] > -> no dependencies > > {code:java} > java.lang.NoClassDefFoundError: org/apache/xml/serializer/SerializerTrace > at java.base/java.lang.ClassLoader.defineClass1(Native Method) > at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1012) > at > java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:150) > at > java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:862) > at > java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:760) > at > java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:681) > at > java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:639) > at > java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188) > at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520) > at > org.apache.xalan.processor.ProcessorStylesheetElement.getStylesheetRoot(ProcessorStylesheetElement.java:123) > at > org.apache.xalan.processor.ProcessorStylesheetElement.startElement(ProcessorStylesheetElement.java:74) > at > org.apache.xalan.processor.StylesheetHandler.startElement(StylesheetHandler.java:623) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:518) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:374) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook(XMLNSDocumentScannerImpl.java:613) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:3079) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:836) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:112) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825) > at >
[jira] [Comment Edited] (XALANJ-2649) Xalan 2.7.3 is missing dependencies (Regression from 2.7.2)
[ https://issues.apache.org/jira/browse/XALANJ-2649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17719943#comment-17719943 ] Eric Schwarzenbach edited comment on XALANJ-2649 at 5/5/23 5:31 PM: I posted precisely that pom adapted to the new version to the xalanj–users mailing on April 13. I've used that same pom to deploy to my company's local nexus repository and it works. was (Author: ericjs): I posted precisely that pom adapted to the new version to the xalanj–users mailing on April 13. I've used that same pom to deploy my company's local nexus repository and it works. > Xalan 2.7.3 is missing dependencies (Regression from 2.7.2) > --- > > Key: XALANJ-2649 > URL: https://issues.apache.org/jira/browse/XALANJ-2649 > Project: XalanJ2 > Issue Type: Bug > Security Level: No security risk; visible to anyone(Ordinary problems in > Xalan projects. Anybody can view the issue.) > Components: Build, Xalan >Affects Versions: 2.7.3 >Reporter: mt >Assignee: Gary D. Gregory >Priority: Major > Attachments: serializer-2.7.3.pom, xalan-2.7.3.pom > > > After upgrading from 2.7.2 to 2.7.3 via maven central, we get the following > runtime error. > It seems like 2.7.3 is missing the dependencies to serializer and xercesImpl > . After manually adding a dependency to serializer:2.7.3 , the issue is fixed. > This can also be seen in Maven Central: > [Maven Central: xalan:xalan:2.7.2 > (sonatype.com)|https://central.sonatype.com/artifact/xalan/xalan/2.7.2/dependencies] > -> has dependencies on serializer and xercesImpl > [Maven Central: xalan:xalan:2.7.3 > (sonatype.com)|https://central.sonatype.com/artifact/xalan/xalan/2.7.3/dependencies] > -> no dependencies > > {code:java} > java.lang.NoClassDefFoundError: org/apache/xml/serializer/SerializerTrace > at java.base/java.lang.ClassLoader.defineClass1(Native Method) > at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1012) > at > java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:150) > at > java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:862) > at > java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:760) > at > java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:681) > at > java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:639) > at > java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188) > at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520) > at > org.apache.xalan.processor.ProcessorStylesheetElement.getStylesheetRoot(ProcessorStylesheetElement.java:123) > at > org.apache.xalan.processor.ProcessorStylesheetElement.startElement(ProcessorStylesheetElement.java:74) > at > org.apache.xalan.processor.StylesheetHandler.startElement(StylesheetHandler.java:623) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:518) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:374) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook(XMLNSDocumentScannerImpl.java:613) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:3079) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:836) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:112) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1224) > at >
[jira] [Comment Edited] (XALANJ-2649) Xalan 2.7.3 is missing dependencies (Regression from 2.7.2)
[ https://issues.apache.org/jira/browse/XALANJ-2649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17719943#comment-17719943 ] Eric Schwarzenbach edited comment on XALANJ-2649 at 5/5/23 5:24 PM: I posted precisely that pom adapted to the new version to the xalanj–users mailing on April 13. I've used that same pom to deploy my company's local nexus repository and it works. was (Author: ericjs): I posted precisely that pom adapted to the new version to the xalanj–users mailing on April 13. I've used that same pom it to deploy my company's local nexus repository and it works. > Xalan 2.7.3 is missing dependencies (Regression from 2.7.2) > --- > > Key: XALANJ-2649 > URL: https://issues.apache.org/jira/browse/XALANJ-2649 > Project: XalanJ2 > Issue Type: Bug > Security Level: No security risk; visible to anyone(Ordinary problems in > Xalan projects. Anybody can view the issue.) > Components: Build, Xalan >Affects Versions: 2.7.3 >Reporter: mt >Assignee: Gary D. Gregory >Priority: Major > > After upgrading from 2.7.2 to 2.7.3 via maven central, we get the following > runtime error. > It seems like 2.7.3 is missing the dependencies to serializer and xercesImpl > . After manually adding a dependency to serializer:2.7.3 , the issue is fixed. > This can also be seen in Maven Central: > [Maven Central: xalan:xalan:2.7.2 > (sonatype.com)|https://central.sonatype.com/artifact/xalan/xalan/2.7.2/dependencies] > -> has dependencies on serializer and xercesImpl > [Maven Central: xalan:xalan:2.7.3 > (sonatype.com)|https://central.sonatype.com/artifact/xalan/xalan/2.7.3/dependencies] > -> no dependencies > > {code:java} > java.lang.NoClassDefFoundError: org/apache/xml/serializer/SerializerTrace > at java.base/java.lang.ClassLoader.defineClass1(Native Method) > at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1012) > at > java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:150) > at > java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:862) > at > java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:760) > at > java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:681) > at > java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:639) > at > java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188) > at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520) > at > org.apache.xalan.processor.ProcessorStylesheetElement.getStylesheetRoot(ProcessorStylesheetElement.java:123) > at > org.apache.xalan.processor.ProcessorStylesheetElement.startElement(ProcessorStylesheetElement.java:74) > at > org.apache.xalan.processor.StylesheetHandler.startElement(StylesheetHandler.java:623) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:518) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:374) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook(XMLNSDocumentScannerImpl.java:613) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:3079) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:836) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:112) > at > java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141) > at > java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1224) > at > java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:637) > at >