[jira] [Commented] (BATIK-1321) Security Vulnerability with Xerces version <= 2.12.1

Stacey McIntire (Jira) Mon, 21 Feb 2022 08:49:04 -0800


    [ 
https://issues.apache.org/jira/browse/BATIK-1321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17495631#comment-17495631
 ]


Stacey McIntire commented on BATIK-1321:
----------------------------------------

We tested removing xerces but it didn't work. We updated to 2.12.2 in our local 
env and it works.

> Security Vulnerability with Xerces version <= 2.12.1
> ----------------------------------------------------
>
>                 Key: BATIK-1321
>                 URL: https://issues.apache.org/jira/browse/BATIK-1321
>             Project: Batik
>          Issue Type: Bug
>    Affects Versions: 1.14
>            Reporter: Stacey McIntire
>            Priority: Major
>
> Batik needs to reference Xerces 2.12.2, which fixes vulnerability:
> [https://nvd.nist.gov/vuln/detail/CVE-2022-23437] 
> Batik 1.14 is still using vulnerable Xerces 2.12.1.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (BATIK-1321) Security Vulnerability with Xerces version <= 2.12.1

Reply via email to