[jira] [Commented] (SLING-10094) Update embedded version of xalan

Julian Reschke (Jira) Fri, 19 Feb 2021 08:55:13 -0800


    [ 
https://issues.apache.org/jira/browse/SLING-10094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17287200#comment-17287200
 ]


Julian Reschke commented on SLING-10094:
----------------------------------------

Hmm. Not good. So if I get this right, the OWASP HTML Validator essentially 
introduces a Java 9 dependency, and the workaround is to embed an XML parser 
that hasn't seen any releases for over 7 years?

> Update embedded version of  xalan
> ---------------------------------
>
>                 Key: SLING-10094
>                 URL: https://issues.apache.org/jira/browse/SLING-10094
>             Project: Sling
>          Issue Type: Improvement
>          Components: XSS Protection API
>            Reporter: Antonio Sanso
>            Assignee: Radu Cotescu
>            Priority: Major
>             Fix For: XSS Protection API 2.2.10
>
>
> org.apache.sling.xss 2.2.2 and above still embed Xalan 2.7.0. 
> It would be beneficial to use the most recent version of Xalan: 2.7.2 or above
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (SLING-10094) Update embedded version of xalan

Reply via email to