"Cantor, Scott" <canto...@osu.edu> wrote on 10/03/2014 04:19:46 PM: > My project's older branch has a dependency on Xerces for historical > reasons, and we were made aware of an old CVE from 2013 [1] that > apparently has been corrected in trunk as of 16 months ago [2], but we're > trying to assess our options here (the most unpleasant being to fork if > that's the only way we can get a fix out). > > Is there any likelihood of a 2.12 with this fix within the imminent future?
Long overdue to have a new release but not likely in the imminent future. Would be great if we had more volunteers who could dedicate time to that. > -- Scott > > [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002 > [2] https://svn.apache.org/viewvc?view=revision&revision=1499506 > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org > For additional commands, e-mail: j-users-h...@xerces.apache.org Thanks. Michael Glavassevich XML Technologies and WAS Development IBM Toronto Lab E-mail: mrgla...@ca.ibm.com E-mail: mrgla...@apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org For additional commands, e-mail: j-users-h...@xerces.apache.org