Thank you Gary, that's fair enough.
Just in case, could you kindly describe in few words the current Xalan-J
development process? What is the trunk that you mention? Is the
development process related, and how, to OpenJDK/Java.Net/Oracle/other
procedures? How is the new release planning organized? Who belongs to
the committers team? How can minor contributors like me facilitate the
progress? :)
Thanks and best regards,
Sergey
On 27.03.14 09:08, Gary Gregory wrote:
If things go well with 2.7.2 and I've not broken anything compared to
2.7.1, then we can start more release trains.
I do not intend to re-roll another RC to add more patches, only to fix
regressions or something obviously wrong.
The next step beyong 2.7.2 would be to find out what is the difference
between 2.7.2 and trunk so that the recent 2.7.2 changes can be merged
back into trunk and normal development can continue on trunk. It
would be great to stabilize and clean up trunk to figure out why the
JRE has to be bumped up so much just to get it to build and run tests.
I do not know yet if that was on purpose or inadvertent.
Gary
On Thu, Mar 27, 2014 at 12:34 AM, USHAKOV, Sergey
<[email protected] <mailto:[email protected]>> wrote:
Hi, and sorry if breaking in at wrong moment with wrong topic.
And it is great to see life is coming back here to XALAN-J too :)
Not sure it might be a good idea to interrupt the process of the
new release being issued, but I would like to draw the committers'
attention to the XALANJ-2544
<https://issues.apache.org/jira/browse/XALANJ-2544> issue. This
issue is about entity resolving being not available for XSLT
(transform template) file, while being normally available for
source XML file. A patch is available, so it would be great to
have this patch reviewed and merged if possible, be it with this
release or with the the next one...
And I am always here to provide comments and feedback if necessary...
Regards,
Sergey Ushakov
On 26.03.14 22:59, Gary Gregory wrote:
Hello All:
This is a VOTE to release Apache Xalan-J 2.7.2-RC1 as 2.7.2
This is a bug fix release. As before, Xalan-J requires a minimum
of Java 1.3.
The Apache Xalan-J team is pleased to announce the Apache Xalan-J
2.7.2 release!
Xalan-Java fully implements XSL Transformations (XSLT) Version
1.0 and the XML Path Language (XPath) Version 1.0.
Changes in this version include:
Fixed Bugs:
- Fix for CVE-2014-0107 insufficient secure processing
When using FEATURE_SECURE_PROCESSING
("http://javax.xml.XMLConstants/feature/secure-processing";) on a
TransformerFactory, the output properties:
{http://xml.apache.org/xalan}content-handler
<http://xml.apache.org/xalan%7Dcontent-handler>
{http://xml.apache.org/xalan}entities
<http://xml.apache.org/xalan%7Dentities>
{http://xml.apache.org/xslt}content-handler
<http://xml.apache.org/xslt%7Dcontent-handler>
{http://xml.apache.org/xslt}entities
<http://xml.apache.org/xslt%7Dentities>
should be ignored (see
http://xml.apache.org/xalan-j/usagepatterns.html#outputprops)
These properties can be used to load an arbitrary class or access
an arbitrary URL/resource so are problematic when secure
processing is desired.
<xsl:output xalan:content-handler="org.example.BadClass" ...
<xsl:output
xalan:entities="http://example.org/reallyLargeFile.bin"; ...
These features could be used to load a class that had undesirable
side-effects or to load a large file and exhaust memory, etc.
See XALANJ-2435.
- Upgrade to Xerces-J 2.11.0 and XML Commons External 1.4.01
The distributions contain upgraded versions of xercesImpl.jar
(Xerces-J 2.11.0) and xml-apis.jar (XML Commons External 1.4.01).
- XALANJ Jira bug fixes
XALANJ Jira bug fixes: 2435, 2580, 2546, 2581, 2582, 2583, 2473,
2495, 2493, 2424, 2446, 2447
You can also view the list in Jira:
https://issues.apache.org/jira/browse/XALANJ-2424?jql=project%20%3D%20XALANJ%20AND%20fixVersion%20%3D%202.7.2%20ORDER%20BY%20due%20ASC%2C%20priority%20DESC%2C%20created%20ASC
This VOTE is open for at least 72 hours until March 29 2014 at
15:00 PM EST.
The files:
https://people.apache.org/~ggregory/xalan/2.7.1-rc1/dist/
<https://people.apache.org/%7Eggregory/xalan/2.7.1-rc1/dist/>
The tags:
https://svn.apache.org/repos/asf/xalan/java/tags/xalan-j_2_7_2-rc1
https://svn.apache.org/repos/asf/xalan/test/tags/xalan-j_2_7_2-rc1
The docs:
https://people.apache.org/~ggregory/xalan/2.7.1-rc1/site/
<https://people.apache.org/%7Eggregory/xalan/2.7.1-rc1/site/>
Thank you,
Gary Gregory
--
E-Mail: [email protected] <mailto:[email protected]> |
[email protected] <mailto:[email protected]>
Java Persistence with Hibernate, Second Edition
<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
<http://garygregory.wordpress.com/>
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
--
E-Mail: [email protected] <mailto:[email protected]> |
[email protected] <mailto:[email protected]>
Java Persistence with Hibernate, Second Edition
<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
<http://garygregory.wordpress.com/>
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
