[prev in list] [next in list] [prev in thread] [next in thread]
List: xalan-dev
Subject: [jira] [Commented] (XALANJ-2637) Xalan 2.7.2 Vulnerability
From: "Felix Knecht (Jira)" <jira () apache ! org>
Date: 2022-09-08 8:33:00
Message-ID: JIRA.13480358.1662502935000.276725.1662625980051 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/XALANJ-2637?page=com.atlassian.jira.plugin \
.system.issuetabpanels:comment-tabpanel&focusedCommentId=17601711#comment-17601711 ]
Felix Knecht commented on XALANJ-2637:
--------------------------------------
I think this is about \
[CVE-2022-34169|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34169]
[~vicfromhell] : Also see the dev discussion here: \
[https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8]
[~ggregory] : It would be great to see a 2.7.2.1 with this fix included on maven \
central. I also saw that OpenJDK seems to package a fixed version of xalan so I would \
not need to package it myself? Is there a list of JDKs that package xalan?
> Xalan 2.7.2 Vulnerability
> -------------------------
>
> Key: XALANJ-2637
> URL: https://issues.apache.org/jira/browse/XALANJ-2637
> Project: XalanJ2
> Issue Type: Bug
> Security Level: No security risk; visible to anyone(Ordinary problems in Xalan \
> projects. Anybody can view the issue.)
> Components: Xalan
> Affects Versions: 2.7.2
> Reporter: vick
> Assignee: Gary D. Gregory
> Priority: Major
> Fix For: 2.7.2
>
>
> I need to remove the vulnerability detected for the Apache Xalan library, version \
> 2.7.2, so the application will be free of this vulnerability
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@xalan.apache.org
For additional commands, e-mail: dev-help@xalan.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic