Hi Michael, There's been a desire to have a release for a long time, but it has not happened because no one has found the time and energy yet to push one out. We need help from the community. The project really needs new developers / committers to get things moving again.
Thanks. Michael Glavassevich XML Technologies and WAS Development IBM Toronto Lab E-mail: [email protected] E-mail: [email protected] Michael Molino <[email protected]> wrote on 11/15/2017 11:00:47 AM: > From: Michael Molino <[email protected]> > To: [email protected] > Date: 11/15/2017 11:01 AM > Subject: jaxp secure processing release > > I see some work on trunk that implements configurations for secure > processing (specifically, totalEntitySizeLimit). > > http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/ > xerces/parsers/SecureProcessingConfiguration.java?view=log > > This doesn't seem to be included in any release (most recent being > in 2010). I've tried using the Oracle jaxp implementation, and > performance we terrible. We utilise the xerces grammar pool caching > which makes xerces our preferred parser. While we could patch it > ourselves, this is going to raise some concerns when we audit our > libraries. I've seen some previous messages on this mailing list > about a release being needed... are there any plans for a release > that would include these fixes? Is there anything I can do to > contribute to help move things along? > > Thanks in advance for any help.
