[jira] [Created] (DRILL-8262) Xalan is EOL and has a never to be fixed CVE

PJ Fanning (Jira) Tue, 19 Jul 2022 12:38:10 -0700

PJ Fanning created DRILL-8262:
---------------------------------

             Summary: Xalan is EOL and has a never to be fixed CVE
                 Key: DRILL-8262
                 URL: https://issues.apache.org/jira/browse/DRILL-8262
             Project: Apache Drill
          Issue Type: Improvement
            Reporter: PJ Fanning



Xalan is no longer supported.

https://lists.apache.org/thread/s8kjny5270ssfcp46v0fl39lk98987w7

It is better to use JAXP TransformerFactory than using xalan directly. If you 
add xalan dependency just to ensure that you have a JAXP compliant transformer 
on the classpath, this is unnecessary - the Java runtime has a built-in 
implementation.

Drill dependency:
https://mvnrepository.com/artifact/org.apache.drill.exec/drill-java-exec/1.20.0



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (DRILL-8262) Xalan is EOL and has a never to be fixed CVE

Reply via email to