[ https://issues.apache.org/jira/browse/XERCESJ-1783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18003837#comment-18003837 ]
Mukul Gandhi commented on XERCESJ-1783:
---------------------------------------

[~elharo] When we migrated Xerces-J code base to github, we also migrated src code of xml-resolver as well to github.

Xerces-J xml-resolver's code on github is located here, https://github.com/apache/xerces-j/tree/xml-commons-resolver (this code repos branch is parallel to the Xerces-J repos branch main).

> Not having License.txt in xml-resolver-1.1.jar
> ----------------------------------------------
>
>                 Key: XERCESJ-1783
>                 URL: https://issues.apache.org/jira/browse/XERCESJ-1783
>             Project: Xerces2-J
>          Issue Type: Improvement
>          Components: Other
>            Reporter: VIVEK BIBHUTI
>            Priority: Minor
>
> Hi,
> We are using *xml-resolver-1.1.jar* in our project.
> One of our customers has reported that this jar doesn't contain a License.txt
> file, and it was raised as a critical vulnerability by their IQ scan (Sonatype).
> We explained that the MANIFEST.MF has a link to the Apache site, where the
> license is already available publicly.
> Two questions:
> 1. Why is the License file not added to the jar itself?
> 2. Could you please check if the License.txt can be added in the
> xml-resolver-1.1.jar?
> [https://github.com/apache/xerces-j/tree/xml-commons-resolver]
> [https://mvnrepository.com/artifact/xml-resolver/xml-resolver/1.1]
>
> We have raised this query to LEGAL also; they suggest us to raise another Jira
> in the XERCESJ project. Below is the reference:
> https://issues.apache.org/jira/browse/LEGAL-705
>
> Regards
> Vivek

--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: j-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-dev-h...@xerces.apache.org