RE: Xerces-C 3.1.4 released

2016-06-30 Thread Cantor, Scott 
> FYI, the downloads on http://apache.org/dist/xerces/c/3/sources/
> are missing the signatures and checksums for xerces-c-3.1.4.tar.xz.
> Would it be possible to add them?

Forgot it existed. I'll try and get to it when I can.

-- Scott



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

Re: Xerces-C 3.1.4 released

2016-06-30 Thread rleigh 

On 2016-06-29 14:44, Cantor, Scott wrote:

A patch release of the Xerces-C XML parser is now available and is
propagating to the mirrors. It includes a small number of important
bug fixes, including a fix for CVE-2016-4463.

https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510=12336069

Of special note, applications that don't make use of DTDs should
strongly consider setting the XERCES_ DISABLE_DTD environment variable
to "1" to insulate themselves from the likelihood of future
vulnerabilities in that code. When I have a free moment I will make
that a parser feature in the trunk since it requires an ABI change.


FYI, the downloads on http://apache.org/dist/xerces/c/3/sources/
are missing the signatures and checksums for xerces-c-3.1.4.tar.xz.
Would it be possible to add them?


Thanks,
Roger


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

Re: Xerces-C 3.1.4 released

2016-06-29 Thread Vitaly Prapirny 

Thanks Scott!

Good luck!
  Vitaly

Cantor, Scott wrote:

A patch release of the Xerces-C XML parser is now available and is propagating 
to the mirrors. It includes a small number of important bug fixes, including a 
fix for CVE-2016-4463.

https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510=12336069

Of special note, applications that don't make use of DTDs should strongly consider 
setting the XERCES_ DISABLE_DTD environment variable to "1" to insulate 
themselves from the likelihood of future vulnerabilities in that code. When I have a free 
moment I will make that a parser feature in the trunk since it requires an ABI change.

-- Scott


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org




-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

Re: Xerces-C 3.1.4 released

2016-06-29 Thread Gareth Reakes 


Yeah! Thanks Scott.

G

> On 29 Jun 2016, at 15:44, Cantor, Scott  wrote:
> 
> A patch release of the Xerces-C XML parser is now available and is 
> propagating to the mirrors. It includes a small number of important bug 
> fixes, including a fix for CVE-2016-4463.
> 
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510=12336069
> 
> Of special note, applications that don't make use of DTDs should strongly 
> consider setting the XERCES_ DISABLE_DTD environment variable to "1" to 
> insulate themselves from the likelihood of future vulnerabilities in that 
> code. When I have a free moment I will make that a parser feature in the 
> trunk since it requires an ABI change.
> 
> -- Scott
> 


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org