[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xalan-dev
Subject:    [jira] [Commented] (XALANJ-2637) Xalan 2.7.2 Vulnerability
From:       "Felix Knecht (Jira)" <jira () apache ! org>
Date:       2022-09-08 8:33:00
Message-ID: JIRA.13480358.1662502935000.276725.1662625980051 () Atlassian ! JIRA
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/XALANJ-2637?page=com.atlassian.jira.plugin \
.system.issuetabpanels:comment-tabpanel&focusedCommentId=17601711#comment-17601711 ] 

Felix Knecht commented on XALANJ-2637:
--------------------------------------

I think this is about \
[CVE-2022-34169|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34169]

[~vicfromhell] : Also see the dev discussion here: \
[https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8]

[~ggregory] : It would be great to see a 2.7.2.1 with this fix included on maven \
central. I also saw that OpenJDK seems to package a fixed version of xalan so I would \
not need to package it myself? Is there a list of JDKs that package xalan?

> Xalan 2.7.2 Vulnerability
> -------------------------
> 
> Key: XALANJ-2637
> URL: https://issues.apache.org/jira/browse/XALANJ-2637
> Project: XalanJ2
> Issue Type: Bug
> Security Level: No security risk; visible to anyone(Ordinary problems in Xalan \
>                 projects.  Anybody can view the issue.) 
> Components: Xalan
> Affects Versions: 2.7.2
> Reporter: vick
> Assignee: Gary D. Gregory
> Priority: Major
> Fix For: 2.7.2
> 
> 
> I need to remove the vulnerability detected for the Apache Xalan library, version \
> 2.7.2, so the application will be free of this vulnerability



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@xalan.apache.org
For additional commands, e-mail: dev-help@xalan.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]