[ https://issues.apache.org/jira/browse/XERCESJ-1697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16515584#comment-16515584 ]
Michael Ahern commented on XERCESJ-1697:
----------------------------------------
Cloning my original defect. There are a host of open source software systems
that are shipping with vulnerable xercesImpl libraries as a result of 2.12 not
being available. Please manually upload the updated jar. I am not requesting
the creation of build automation.
> CLONE - XercesImpl 2.12.0 is not available on maven central - Manually upload
> new jar
> -------------------------------------------------------------------------------------
>
> Key: XERCESJ-1697
> URL: https://issues.apache.org/jira/browse/XERCESJ-1697
> Project: Xerces2-J
> Issue Type: Bug
> Affects Versions: 2.12.0
> Reporter: Michael Ahern
> Priority: Major
>
> The xercesImpl version 2.12 jar is not. This version is needed to gain access
> to the latest Xerces security fixes (e.g.
> https://nvd.nist.gov/vuln/detail/CVE-2012-0881).
> A number of open source projects are using insecure Xerces versions due to
> the lack of an up-to-date XercesImpl.jar in the maven central repository.
> https://mvnrepository.com/artifact/xerces/xercesImpl
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)