VIVEK BIBHUTI created XERCESJ-1783:
--------------------------------------

             Summary: Not having License.txt in xml-resolver-1.1.jar
                 Key: XERCESJ-1783
                 URL: https://issues.apache.org/jira/browse/XERCESJ-1783
             Project: Xerces2-J
          Issue Type: Improvement
            Reporter: VIVEK BIBHUTI


Hi,

We are using *xml-resolver-1.1.jar* in our project. 
One of our customers has reported that this jar doesn't contain a License.txt 
file, and it was raised as a critical vulnerability by their IQ scan (Sonatype).

We explained that the MANIFEST.MF has a link to Apache site, where the license 
is already available publicly.
Two questions:
1. Why is the License file not added to the jar itself?
2. Could you please check if the License.txt can be added to the 
xml-resolver-1.1.jar?

[https://github.com/apache/xerces-j/tree/xml-commons-resolver]

[https://mvnrepository.com/artifact/xml-resolver/xml-resolver/1.1]

 

We have also raised this query with LEGAL; they suggested that we raise another Jira 
in the XERCESJ project. Below is the reference:

https://issues.apache.org/jira/browse/LEGAL-705

 

Regards
Vivek 


