RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-05-22 Thread Michael Glavassevich
CVE-2018-2799 was the only one we asked about, but it was security@'s 
opinion that we didn't need a new CVE for that one. Honestly, this isn't a 
subject I know much about. I think if this had been reported through the 
security team (under the assumption it was a newly discovered issue), 
following through the process [1] a new CVE would have been requested.

Thanks.

[1] https://www.apache.org/security/committers.html

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

David Dillard  wrote on 05/22/2018 11:20:08 AM:

> From: David Dillard 
> To: "j-...@xerces.apache.org" , "j-
> us...@xerces.apache.org" 
> Cc: "muk...@apache.org" , 
> "priv...@xerces.apache.org" 
> Date: 05/22/2018 11:30 AM
> Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> Hi Michael,
> 
> That’s ok for CVE-2012-0881, though the CPEs (affected software and 
> versions) should be updated to reflect that the issue was fixed in 
> 2.12.0.  I’m happy to send that request in if you like.
> 
> However, for CVE-2013-4002 and CVE-2018-2799 I’m going to disagree,
> as neither of them even mentions Xerces.  As is, the only way anyone
> would know that those two vulnerabilities were fixed in Xerces is to
> read the Xerces release announcement.  So, if someone relies on 
> tools like Dependency Check, Black Duck or White Source (which can 
> scan jars for known vulnerabilities) there’d be no issue flagged for
> Xerces 2.11.0 or earlier.  That’s bad.  I don’t think updating the 
> CPEs for either of those vulnerabilities is really an option as IBM
> and Oracle issued them and the descriptions are specific to their 
> products.  I think new CVEs are needed for these issues.
> 
> Fixing vulnerabilities is obviously important, but making it easy 
> for people to know those vulnerabilities have been fixed is also 
> important.
> 
> 
> Regards,
> 
> David
> 
> 
> From: Michael Glavassevich [mailto:mrgla...@ca.ibm.com] 
> Sent: Tuesday, May 22, 2018 9:52 AM
> To: j-users@xerces.apache.org
> Cc: j-...@xerces.apache.org; muk...@apache.org; 
> priv...@xerces.apache.org
> Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> I thought the CVE was mentioned in the release announcement.
> 
> The security team did eventually respond to us and said we shouldn't
> need a new CVE since it's the same source code that's affected.
> 
> Thanks.
> 
> Michael Glavassevich
> XML Technologies and WAS Development
> IBM Toronto Lab
> E-mail: mrgla...@ca.ibm.com
> E-mail: mrgla...@apache.org




RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-05-22 Thread David Dillard
Hi Michael,

That’s ok for CVE-2012-0881 <https://nvd.nist.gov/vuln/detail/CVE-2012-0881>, 
though the CPEs (affected software and versions) should be updated to reflect 
that the issue was fixed in 2.12.0.  I’m happy to send that request in if you 
like.

However, for CVE-2013-4002 <https://nvd.nist.gov/vuln/detail/CVE-2013-4002> and 
CVE-2018-2799 <https://nvd.nist.gov/vuln/detail/CVE-2018-2799> I’m going to 
disagree, as neither of them even mentions Xerces.  As is, the only way anyone 
would know that those two vulnerabilities were fixed in Xerces is to read the 
Xerces release announcement.  So, if someone relies on tools like Dependency 
Check, Black Duck or White Source (which can scan jars for known 
vulnerabilities) there’d be no issue flagged for Xerces 2.11.0 or earlier.  
That’s bad.  I don’t think updating the CPEs for either of those 
vulnerabilities is really an option as IBM and Oracle issued them and the 
descriptions are specific to their products.  I think new CVEs are needed for 
these issues.

Fixing vulnerabilities is obviously important, but making it easy for people to 
know those vulnerabilities have been fixed is also important.


Regards,

David


From: Michael Glavassevich [mailto:mrgla...@ca.ibm.com]
Sent: Tuesday, May 22, 2018 9:52 AM
To: j-users@xerces.apache.org
Cc: j-...@xerces.apache.org; muk...@apache.org; priv...@xerces.apache.org
Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

I thought the CVE was mentioned in the release announcement.

The security team did eventually respond to us and said we shouldn't need a new 
CVE since it's the same source code that's affected.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org




RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-05-22 Thread Michael Glavassevich
I thought the CVE was mentioned in the release announcement.

The security team did eventually respond to us and said we shouldn't need 
a new CVE since it's the same source code that's affected.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

David Dillard  wrote on 05/21/2018 10:25:25 AM:

> From: David Dillard 
> To: "j-...@xerces.apache.org" 
> Cc: "j-users@xerces.apache.org" , 
> "muk...@apache.org" , "priv...@xerces.apache.org"
> 
> Date: 05/22/2018 09:45 AM
> Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> Any news on this?
> 
> 
> From: Michael Glavassevich [mailto:mrgla...@ca.ibm.com] 
> Sent: Monday, April 30, 2018 11:54 AM
> To: j-...@xerces.apache.org
> Cc: j-users@xerces.apache.org; muk...@apache.org; 
> priv...@xerces.apache.org
> Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> I have asked security@ for guidance on what to do next.
> 
> Michael Glavassevich
> XML Technologies and WAS Development
> IBM Toronto Lab
> E-mail: mrgla...@ca.ibm.com
> E-mail: mrgla...@apache.org
> 
> David Dillard wrote on 04/30/2018 11:02:28 AM:
> 
> > From: David Dillard 
> > To: "j-...@xerces.apache.org", 
> > "muk...@apache.org", "priv...@xerces.apache.org",
> > "j-users@xerces.apache.org"
> >
> > Date: 04/30/2018 11:32 AM
> > Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> > 
> > I asked before about getting a CVE for the issue I raised that was 
> > fixed, and about a security advisory.  I don’t recall seeing a 
> > response.
> > 
> > Can that please be done as well?  I don’t know what the internal 
> > Apache process is for getting CVEs, but there’s got to be one.
> > 
> > 
> > From: Mukul Gandhi [mailto:muk...@apache.org] 
> > Sent: Sunday, April 29, 2018 11:45 PM
> > To: j-...@xerces.apache.org; priv...@xerces.apache.org; j-
> > us...@xerces.apache.org
> > Subject: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> > 
> > Hi all,
> > The vote to release Xerces-J 2.12.0 resulted in 3 +1 votes (all 
> > from PMC members) and no other votes:
> > 
> > +1 by:
> > Gareth Reakes (PMC)
> > Michael Glavassevich (PMC)
> > Mukul Gandhi (PMC)
> > 
> > The release should be up on the mirror sites very soon.
> > 
> > 
> > On Mon, Apr 23, 2018 at 5:36 PM, Mukul Gandhi wrote:
> > Hi all,
> > The 1st voting for Xerces-J 2.12.0 release was stopped, due to 
> > certain issues that were in the release candidates (RC) that were 
> > found by the reviewers ([5]). Those have been fixed now, and I'm 
> > initiating this new mail for the Vote for new RC.
> > 
> > I've uploaded Xerces-J 2.12.0 release candidates (the revised one) 
> > to [1] for review. In this release candidate there are two sets of 
> > packages, the main release built from the trunk [2] and the XML 
> > Schema 1.1 release built from the XML Schema 1.1 development branch 
> > [3]. The change summary is available here [4] in JIRA. 81 issues 
> > (plus issues that were mentioned, during the review of 1st RC) 
> > were resolved.
> > 
> > Test results have been looking good, so I'd like to call an official
> > vote now on the release.
> > 
> > To start, here's my +1.
> > 
> > Great work everyone.
> > 
> > [1] https://dist.apache.org/repos/dist/dev/xerces/j/2.12.0/
> > Revision 26468
> > 
> > [2] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0/
> > Directory revision: 1829687 (of 1829689)
> > 
> > [3] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0-
> > xml-schema-1.1/
> > Directory revision: 1829688 (of 1829689)
> > 
> > [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?
> > projectId=10520&version=12336542
> > 
> > [5] https://markmail.org/message/54obpdyqrn6nfzgi: discussion about
> > previous RC, suggesting a revote
> > 
> > [6] Deleting .md5 hash files from the RC distribution at, https://
> > dist.apache.org/repos/dist/dev/xerces/j/2.12.0/. Mentioned Revision 
> > number in point [1] above. (suggestions from sebb, seb...@gmail.com 
> > during this voting)
> > 
> > 
> 
> > 
> > -- 
> > Regards,
> > Mukul Gandhi



RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-05-22 Thread David Dillard
Any news on this?


From: Michael Glavassevich [mailto:mrgla...@ca.ibm.com]
Sent: Monday, April 30, 2018 11:54 AM
To: j-...@xerces.apache.org
Cc: j-users@xerces.apache.org; muk...@apache.org; priv...@xerces.apache.org
Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

I have asked security@ for guidance on what to do next.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

David Dillard <david.dill...@veritas.com> wrote on 04/30/2018 11:02:28 AM:

> From: David Dillard <david.dill...@veritas.com>
> To: "j-...@xerces.apache.org", 
> "muk...@apache.org", "priv...@xerces.apache.org",
> "j-users@xerces.apache.org"
>
> Date: 04/30/2018 11:32 AM
> Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
>
> I asked before about getting a CVE for the issue I raised that was
> fixed, and about a security advisory.  I don’t recall seeing a response.
>
> Can that please be done as well?  I don’t know what the internal
> Apache process is for getting CVEs, but there’s got to be one.
>
>
> From: Mukul Gandhi [mailto:muk...@apache.org]
> Sent: Sunday, April 29, 2018 11:45 PM
> To: j-...@xerces.apache.org; priv...@xerces.apache.org; 
> j-us...@xerces.apache.org
> Subject: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
>
> Hi all,
> The vote to release Xerces-J 2.12.0 resulted in 3 +1 votes (all
> from PMC members) and no other votes:
>
> +1 by:
> Gareth Reakes (PMC)
> Michael Glavassevich (PMC)
> Mukul Gandhi (PMC)
>
> The release should be up on the mirror sites very soon.
>
>
> On Mon, Apr 23, 2018 at 5:36 PM, Mukul Gandhi <muk...@apache.org> wrote:
> Hi all,
> The 1st voting for Xerces-J 2.12.0 release was stopped, due to
> certain issues that were in the release candidates (RC) that were
> found by the reviewers ([5]). Those have been fixed now, and I'm
> initiating this new mail for the Vote for new RC.
>
> I've uploaded Xerces-J 2.12.0 release candidates (the revised one)
> to [1] for review. In this release candidate there are two sets of
> packages, the main release built from the trunk [2] and the XML
> Schema 1.1 release built from the XML Schema 1.1 development branch
> [3]. The change summary is available here [4] in JIRA. 81 issues
> (plus issues that were mentioned, during the review of 1st RC) were resolved.
>
> Test results have been looking good, so I'd like to call an official
> vote now on the release.
>
> To start, here's my +1.
>
> Great work everyone.
>
> [1] https://dist.apache.org/repos/dist/dev/xerces/j/2.12.0/
> Revision 26468
>
> [2] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0/
> Directory revision: 1829687 (of 1829689)
>
> [3] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0-
> xml-schema-1.1/
> Directory revision: 1829688 (of 1829689)
>
> [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?
> projectId=10520&version=12336542
>
> [5] https://markmail.org/message/54obpdyqrn6nfzgi: discussion about
> previous RC, suggesting a revote
>
> [6] Deleting .md5 hash files from the RC distribution at, https://
> dist.apache.org/repos/dist/dev/xerces/j/2.12.0/. Mentioned Revision
> number in point [1] above. (suggestions from sebb, seb...@gmail.com
> during this voting)
>
>

>
> --
> Regards,
> Mukul Gandhi


RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-05-02 Thread David Dillard
I’m ok with that for the release announcement.


From: Mukul Gandhi [mailto:muk...@apache.org]
Sent: Wednesday, May 2, 2018 3:33 AM
To: j-...@xerces.apache.org
Cc: priv...@xerces.apache.org; j-users@xerces.apache.org
Subject: Re: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

Hi David,

On Mon, Apr 30, 2018 at 8:32 PM, David Dillard <david.dill...@veritas.com> wrote:
I asked before about getting a CVE for the issue I raised that was fixed, and 
about a security advisory.  I don’t recall seeing a response.

Can that please be done as well?  I don’t know what the internal Apache process 
is for getting CVEs, but there’s got to be one.

Looking at the 2.12.0 release notes in JIRA, and the CVEs which you pointed 
out that we fixed, I propose to have the following written within our 2.12.0 
release announcement:


The following security issues, raised by users, were fixed:

CVE-2012-0881 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881

CVE-2013-4002 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002

CVE-2018-2799 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2799


Please let us know your opinion about this. Anyone else could also comment.


--
Regards,
Mukul Gandhi


Re: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-05-02 Thread Mukul Gandhi
Hi David,

On Mon, Apr 30, 2018 at 8:32 PM, David Dillard 
wrote:

> I asked before about getting a CVE for the issue I raised that was fixed,
> and about a security advisory.  I don’t recall seeing a response.
>
>
>
> Can that please be done as well?  I don’t know what the internal Apache
> process is for getting CVEs, but there’s got to be one.
>

Looking at the 2.12.0 release notes in JIRA, and the CVEs which you pointed
out that we fixed, I propose to have the following written within our 2.12.0
release announcement:


The following security issues, raised by users, were fixed:

CVE-2012-0881 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881

CVE-2013-4002 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002

CVE-2018-2799 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2799


Please let us know your opinion about this. Anyone else could also comment.


-- 
Regards,
Mukul Gandhi


Re: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-05-01 Thread Mukul Gandhi
Hi David,

On Mon, Apr 30, 2018 at 8:32 PM, David Dillard 
wrote:

> I asked before about getting a CVE for the issue I raised that was fixed,
> and about a security advisory.  I don’t recall seeing a response.
>

Michael (our PMC chair) wrote to Apache security@ about this issue, a day
or two ago. But there's been no response from Apache security@ yet. If
there's a reply from Apache security@ later about this, we could declare
these details (i.e. the security advisory you talked about) as a separate note.
But for now, it would be good that we make an announcement to the lists
about the Xerces 2.12.0 release.



-- 
Regards,
Mukul Gandhi


RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-04-30 Thread David Dillard
I asked before about getting a CVE for the issue I raised that was fixed, and 
about a security advisory.  I don’t recall seeing a response.

Can that please be done as well?  I don’t know what the internal Apache process 
is for getting CVEs, but there’s got to be one.


From: Mukul Gandhi [mailto:muk...@apache.org]
Sent: Sunday, April 29, 2018 11:45 PM
To: j-...@xerces.apache.org; priv...@xerces.apache.org; 
j-users@xerces.apache.org
Subject: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

Hi all,
   The vote to release Xerces-J 2.12.0 resulted in 3 +1 votes (all from PMC 
members) and no other votes:



+1 by:

Gareth Reakes (PMC)

Michael Glavassevich (PMC)

Mukul Gandhi (PMC)



The release should be up on the mirror sites very soon.


On Mon, Apr 23, 2018 at 5:36 PM, Mukul Gandhi <muk...@apache.org> wrote:
Hi all,
   The 1st voting for Xerces-J 2.12.0 release was stopped, due to certain 
issues that were in the release candidates (RC) that were found by the 
reviewers ([5]). Those have been fixed now, and I'm initiating this new mail 
for the Vote for new RC.

I've uploaded Xerces-J 2.12.0 release candidates (the revised one) to [1] for 
review. In this release candidate there are two sets of packages, the main 
release built from the trunk [2] and the XML Schema 1.1 release built from the 
XML Schema 1.1 development branch [3]. The change summary is available here [4] 
in JIRA. 81 issues (plus issues that were mentioned, during the review of 1st 
RC) were resolved.

Test results have been looking good, so I'd like to call an official vote now 
on the release.

To start, here's my +1.

Great work everyone.

[1] https://dist.apache.org/repos/dist/dev/xerces/j/2.12.0/
Revision 26468

[2] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0/
Directory revision: 1829687 (of 1829689)

[3] 
http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0-xml-schema-1.1/
Directory revision: 1829688 (of 1829689)

[4] 
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10520&version=12336542

[5] https://markmail.org/message/54obpdyqrn6nfzgi : discussion about previous 
RC, suggesting a revote

[6] Deleting .md5 hash files from the RC distribution at, 
https://dist.apache.org/repos/dist/dev/xerces/j/2.12.0/. Mentioned Revision 
number in point [1] above. (suggestions from sebb, 
seb...@gmail.com during this voting)




--
Regards,
Mukul Gandhi


RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-04-30 Thread Michael Glavassevich
I have asked security@ for guidance on what to do next.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

David Dillard  wrote on 04/30/2018 11:02:28 AM:

> From: David Dillard 
> To: "j-...@xerces.apache.org", 
> "muk...@apache.org", "priv...@xerces.apache.org",
> "j-users@xerces.apache.org"
>
> Date: 04/30/2018 11:32 AM
> Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> I asked before about getting a CVE for the issue I raised that was 
> fixed, and about a security advisory.  I don’t recall seeing a response.
> 
> Can that please be done as well?  I don’t know what the internal 
> Apache process is for getting CVEs, but there’s got to be one.
> 
> 
> From: Mukul Gandhi [mailto:muk...@apache.org] 
> Sent: Sunday, April 29, 2018 11:45 PM
> To: j-...@xerces.apache.org; priv...@xerces.apache.org; j-
> us...@xerces.apache.org
> Subject: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> Hi all,
> The vote to release Xerces-J 2.12.0 resulted in 3 +1 votes (all 
> from PMC members) and no other votes:
> 
> +1 by:
> Gareth Reakes (PMC)
> Michael Glavassevich (PMC)
> Mukul Gandhi (PMC)
> 
> The release should be up on the mirror sites very soon.
> 
> 
> On Mon, Apr 23, 2018 at 5:36 PM, Mukul Gandhi  wrote:
> Hi all,
> The 1st voting for Xerces-J 2.12.0 release was stopped, due to 
> certain issues that were in the release candidates (RC) that were 
> found by the reviewers ([5]). Those have been fixed now, and I'm 
> initiating this new mail for the Vote for new RC.
> 
> I've uploaded Xerces-J 2.12.0 release candidates (the revised one) 
> to [1] for review. In this release candidate there are two sets of 
> packages, the main release built from the trunk [2] and the XML 
> Schema 1.1 release built from the XML Schema 1.1 development branch 
> [3]. The change summary is available here [4] in JIRA. 81 issues 
> (plus issues that were mentioned, during the review of 1st RC) were 
> resolved.
> 
> Test results have been looking good, so I'd like to call an official
> vote now on the release.
> 
> To start, here's my +1.
> 
> Great work everyone.
> 
> [1] https://dist.apache.org/repos/dist/dev/xerces/j/2.12.0/
> Revision 26468
> 
> [2] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0/
> Directory revision: 1829687 (of 1829689)
> 
> [3] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0-
> xml-schema-1.1/
> Directory revision: 1829688 (of 1829689)
> 
> [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?
> projectId=10520&version=12336542
> 
> [5] https://markmail.org/message/54obpdyqrn6nfzgi : discussion about
> previous RC, suggesting a revote
> 
> [6] Deleting .md5 hash files from the RC distribution at, https://
> dist.apache.org/repos/dist/dev/xerces/j/2.12.0/. Mentioned Revision 
> number in point [1] above. (suggestions from sebb, seb...@gmail.com 
> during this voting)
> 
> 

> 
> -- 
> Regards,
> Mukul Gandhi