scantor commented on PR #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1688414268
> I will consider becoming a committer to this project to fix this
vulnerability
Only if you're in it for the long haul, it's a commitment (pun intended) to
actually sustain the code
scantor commented on PR #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1688246591
It has not, and I don't think it's even known that the fix is correct.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and
scantor commented on PR #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1128832049
No, and no, I have no expectation of any releases. If a security issue that
actually affects my code comes up I would probably apply this and bumping to
3.3. This cannot be part of a patch
scantor commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1028196255
I looked at the fix last night at least in cursory fashion. It can't be
backported to 3.2 because it's an API and therefore ABI change. Given some
method defaulting it could
scantor commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1027462800
Since you addressed me personally, I can simply reiterate as I have in Jira
(which is where this proposal should be, this is not a GitHub project) that I
don't have any exposure