RE: Xerces-C 3.1.4 released
> FYI, the downloads on http://apache.org/dist/xerces/c/3/sources/ > are missing the signatures and checksums for xerces-c-3.1.4.tar.xz. > Would it be possible to add them? Forgot it existed. I'll try and get to it when I can. -- Scott - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
Re: Xerces-C 3.1.4 released
On 2016-06-29 14:44, Cantor, Scott wrote: A patch release of the Xerces-C XML parser is now available and is propagating to the mirrors. It includes a small number of important bug fixes, including a fix for CVE-2016-4463. https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510=12336069 Of special note, applications that don't make use of DTDs should strongly consider setting the XERCES_ DISABLE_DTD environment variable to "1" to insulate themselves from the likelihood of future vulnerabilities in that code. When I have a free moment I will make that a parser feature in the trunk since it requires an ABI change. FYI, the downloads on http://apache.org/dist/xerces/c/3/sources/ are missing the signatures and checksums for xerces-c-3.1.4.tar.xz. Would it be possible to add them? Thanks, Roger - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
Re: Xerces-C 3.1.4 released
Thanks Scott! Good luck! Vitaly Cantor, Scott wrote: A patch release of the Xerces-C XML parser is now available and is propagating to the mirrors. It includes a small number of important bug fixes, including a fix for CVE-2016-4463. https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510=12336069 Of special note, applications that don't make use of DTDs should strongly consider setting the XERCES_ DISABLE_DTD environment variable to "1" to insulate themselves from the likelihood of future vulnerabilities in that code. When I have a free moment I will make that a parser feature in the trunk since it requires an ABI change. -- Scott - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
Re: Xerces-C 3.1.4 released
Yeah! Thanks Scott. G > On 29 Jun 2016, at 15:44, Cantor, Scottwrote: > > A patch release of the Xerces-C XML parser is now available and is > propagating to the mirrors. It includes a small number of important bug > fixes, including a fix for CVE-2016-4463. > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510=12336069 > > Of special note, applications that don't make use of DTDs should strongly > consider setting the XERCES_ DISABLE_DTD environment variable to "1" to > insulate themselves from the likelihood of future vulnerabilities in that > code. When I have a free moment I will make that a parser feature in the > trunk since it requires an ABI change. > > -- Scott > - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org