johnjamesmccann commented on PR #47: URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1688371818
[Apache-496067-disclosure-report.pdf](https://github.com/apache/xerces-c/files/12409994/Apache-496067-disclosure-report.pdf)

Hello Scott,

Here is the vulnerability report as reported by the UK National Cyber Security Center, which outlines the vulnerability and even mentions the problematic lines which are part of the #47 thread.

I have noted @rleigh-codelibre's comment on Feb 2, 2022, which states "the changes look good and the unit tests are passing and not reporting any leaks, so I think merging this should be fairly risk-free."

I will consider becoming a committer to this project to fix this vulnerability.

Kind regards,
John

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For queries about this service, please contact Infrastructure at: us...@infra.apache.org