Thank you Gary.
I have revisited your links and found something new for me there.
Still I probably have to confess that I am hanging around for quite a
while already :) and my first patch to Xalan-J dates back to some
2002... ( https://issues.apache.org/jira/browse/XALANJ-832 ). But I
would not claim myself as a sort of important person :) I'm rather a
sort of devoted user and occasional bug fix provider :)
It was sad for me to see little signs of life here lately, and I am glad
to see life is coming back.
What is still not clear to me about Xalan-J is its relation to other
Java technology sources. I know Xalan-J is endorsed by official Java
platform from Oracle and by OpenJDK. My impression is that the flow of
improvements from Xalan-J to these projects is somewhat retarded. Could
you describe in couple of words how does this happen? How links between
these projects are organized? Is there any routine co-operation between
these projects?
As for myself, I would be pleased to be helpful, but I do not pretend to
know Xalan-J in depth. What I would be pleased to see is my bug fixes
reviewed and applied :) In particular, I mean
https://issues.apache.org/jira/browse/XALANJ-2544 . This bug is related
to entity resolver being in fact only used for the source XML file, and
not for the XSLT transform file, so efficient use of entities is not
available for XSLT files... What can I do to help this bug and my patch
reviewed?
Thanks and best regards,
Sergey
On 28.03.14 18:25, Gary Gregory wrote:
On Thu, Mar 27, 2014 at 2:41 PM, USHAKOV, Sergey
<[email protected] <mailto:[email protected]>> wrote:
Thank you Gary, that's fair enough.
YW.
Welcome to the mailing list (aka the ML).
Just in case, could you kindly describe in few words the current
Xalan-J development process?
You can start with https://xml.apache.org/xalan-j/charter.html and
https://www.apache.org/foundation/getinvolved.html
Keep in mind that we are volunteers working for a non-profit
organization :)
What is the trunk that you mention?
You need to learn about version control and Apache Subversion then ;)
As it relates to Xalan, start here
https://xml.apache.org/xalan-j/downloads.html#buildmyself
Is the development process related, and how, to
OpenJDK/Java.Net/Oracle/other procedures?
You'll have to contrast and compare that for yourself.
How is the new release planning organized?
On an as need be basis, normally by discussions on the development
mailing list.
Who belongs to the committers team?
https://people.apache.org/committers-by-project.html#xalan
How can minor contributors like me facilitate the progress? :)
https://www.apache.org/foundation/getinvolved.html
Gary
Thanks and best regards,
Sergey
On 27.03.14 09:08, Gary Gregory wrote:
If things go well with 2.7.2 and I've not broken anything
compared to 2.7.1, then we can start more release trains.
I do not intend to re-roll another RC to add more patches, only
to fix regressions or something obviously wrong.
The next step beyong 2.7.2 would be to find out what is the
difference between 2.7.2 and trunk so that the recent 2.7.2
changes can be merged back into trunk and normal development can
continue on trunk. It would be great to stabilize and clean up
trunk to figure out why the JRE has to be bumped up so much just
to get it to build and run tests. I do not know yet if that was
on purpose or inadvertent.
Gary
On Thu, Mar 27, 2014 at 12:34 AM, USHAKOV, Sergey
<[email protected] <mailto:[email protected]>> wrote:
Hi, and sorry if breaking in at wrong moment with wrong topic.
And it is great to see life is coming back here to XALAN-J too :)
Not sure it might be a good idea to interrupt the process of
the new release being issued, but I would like to draw the
committers' attention to the XALANJ-2544
<https://issues.apache.org/jira/browse/XALANJ-2544> issue.
This issue is about entity resolving being not available for
XSLT (transform template) file, while being normally
available for source XML file. A patch is available, so it
would be great to have this patch reviewed and merged if
possible, be it with this release or with the the next one...
And I am always here to provide comments and feedback if
necessary...
Regards,
Sergey Ushakov
On 26.03.14 22:59, Gary Gregory wrote:
Hello All:
This is a VOTE to release Apache Xalan-J 2.7.2-RC1 as 2.7.2
This is a bug fix release. As before, Xalan-J requires a
minimum of Java 1.3.
The Apache Xalan-J team is pleased to announce the Apache
Xalan-J 2.7.2 release!
Xalan-Java fully implements XSL Transformations (XSLT)
Version 1.0 and the XML Path Language (XPath) Version 1.0.
Changes in this version include:
Fixed Bugs:
- Fix for CVE-2014-0107 insufficient secure processing
When using FEATURE_SECURE_PROCESSING
("http://javax.xml.XMLConstants/feature/secure-processing";)
on a TransformerFactory, the output properties:
{http://xml.apache.org/xalan}content-handler
<http://xml.apache.org/xalan%7Dcontent-handler>
{http://xml.apache.org/xalan}entities
<http://xml.apache.org/xalan%7Dentities>
{http://xml.apache.org/xslt}content-handler
<http://xml.apache.org/xslt%7Dcontent-handler>
{http://xml.apache.org/xslt}entities
<http://xml.apache.org/xslt%7Dentities>
should be ignored (see
http://xml.apache.org/xalan-j/usagepatterns.html#outputprops)
These properties can be used to load an arbitrary class or
access an arbitrary URL/resource so are problematic when
secure processing is desired.
<xsl:output xalan:content-handler="org.example.BadClass" ...
<xsl:output
xalan:entities="http://example.org/reallyLargeFile.bin"; ...
These features could be used to load a class that had
undesirable side-effects or to load a large file and exhaust
memory, etc.
See XALANJ-2435.
- Upgrade to Xerces-J 2.11.0 and XML Commons External 1.4.01
The distributions contain upgraded versions of
xercesImpl.jar (Xerces-J 2.11.0) and xml-apis.jar (XML
Commons External 1.4.01).
- XALANJ Jira bug fixes
XALANJ Jira bug fixes: 2435, 2580, 2546, 2581, 2582, 2583,
2473, 2495, 2493, 2424, 2446, 2447
You can also view the list in Jira:
https://issues.apache.org/jira/browse/XALANJ-2424?jql=project%20%3D%20XALANJ%20AND%20fixVersion%20%3D%202.7.2%20ORDER%20BY%20due%20ASC%2C%20priority%20DESC%2C%20created%20ASC
This VOTE is open for at least 72 hours until March 29 2014
at 15:00 PM EST.
The files:
https://people.apache.org/~ggregory/xalan/2.7.1-rc1/dist/
<https://people.apache.org/%7Eggregory/xalan/2.7.1-rc1/dist/>
The tags:
https://svn.apache.org/repos/asf/xalan/java/tags/xalan-j_2_7_2-rc1
https://svn.apache.org/repos/asf/xalan/test/tags/xalan-j_2_7_2-rc1
The docs:
https://people.apache.org/~ggregory/xalan/2.7.1-rc1/site/
<https://people.apache.org/%7Eggregory/xalan/2.7.1-rc1/site/>
Thank you,
Gary Gregory
--
E-Mail: [email protected]
<mailto:[email protected]> | [email protected]
<mailto:[email protected]>
Java Persistence with Hibernate, Second Edition
<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition
<http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
<http://garygregory.wordpress.com/>
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
--
E-Mail: [email protected] <mailto:[email protected]> |
[email protected] <mailto:[email protected]>
Java Persistence with Hibernate, Second Edition
<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
<http://garygregory.wordpress.com/>
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
--
E-Mail: [email protected] <mailto:[email protected]> |
[email protected] <mailto:[email protected]>
Java Persistence with Hibernate, Second Edition
<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
<http://garygregory.wordpress.com/>
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
