Re: [VOTE] Release Apache Xalan-J 2.7.2-RC1 as 2.7.2

[Per Arnold Blåsmo]

My +1 On 26. mars 2014 19:59, Gary Gregory wrote: Hello All: This is a VOTE to release Apache Xalan-J 2.7.2-RC1 as 2.7.2 This is a bug fix release. As before, Xalan-J requires a minimum of Java 1.3. The Apache Xalan-J team is pleased to announce the Apache Xalan-J 2.7.2 release! Xalan-Java fully implements XSL Transformations (XSLT) Version 1.0 and the XML Path Language (XPath) Version 1.0. Changes in this version include: Fixed Bugs: - Fix for CVE-2014-0107 insufficient secure processing    When using FEATURE_SECURE_PROCESSING ("http://javax.xml.XMLConstants/feature/secure-processing") on a TransformerFactory, the output properties:     {http://xml.apache.org/xalan}content-handler     {http://xml.apache.org/xalan}entities     {http://xml.apache.org/xslt}content-handler     {http://xml.apache.org/xslt}entities should be ignored (see http://xml.apache.org/xalan-j/usagepatterns.html#outputprops) These properties can be used to load an arbitrary class or access an arbitrary URL/resource so are problematic when secure processing is desired. <xsl:output xalan:content-handler="org.example.BadClass" ... <xsl:output xalan:entities="http://example.org/reallyLargeFile.bin" ... These features could be used to load a class that had undesirable side-effects or to load a large file and exhaust memory, etc. See XALANJ-2435. - Upgrade to Xerces-J 2.11.0 and XML Commons External 1.4.01            The distributions contain upgraded versions of xercesImpl.jar (Xerces-J 2.11.0) and xml-apis.jar (XML Commons External 1.4.01).         - XALANJ Jira bug fixes    XALANJ Jira bug fixes: 2435, 2580, 2546, 2581, 2582, 2583, 2473, 2495, 2493, 2424, 2446, 2447 You can also view the list in Jira: https://issues.apache.org/jira/browse/XALANJ-2424?jql=project%20%3D%20XALANJ%20AND%20fixVersion%20%3D%202.7.2%20ORDER%20BY%20due%20ASC%2C%20priority%20DESC%2C%20created%20ASC This VOTE is open for at least 72 hours until March 29 2014 at 15:00 PM EST. The files: https://people.apache.org/~ggregory/xalan/2.7.1-rc1/dist/ The tags: https://svn.apache.org/repos/asf/xalan/java/tags/xalan-j_2_7_2-rc1 https://svn.apache.org/repos/asf/xalan/test/tags/xalan-j_2_7_2-rc1 The docs: https://people.apache.org/~ggregory/xalan/2.7.1-rc1/site/ Thank you, Gary Gregory -- E-Mail: garydgreg...@gmail.com | ggreg...@apache.org Java Persistence with Hibernate, Second Edition JUnit in Action, Second Edition Spring Batch in Action Blog: http://garygregory.wordpress.com Home: http://garygregory.com/ Tweet! http://twitter.com/GaryGregory -- Per Arnold Blåsmo Okstadplassen 10, 7075 Tiller, Norway e-mail: per.arn...@blaasmo.no