ppalaga commented on PR #4902:
URL: https://github.com/apache/camel-quarkus/pull/4902#issuecomment-1573417226
> @ppalaga I'm just curious in what case the `TCCL` is `null`?
When it is not set via `Thread.currentThread().setContextClassLoader(...)` -
it is quite a normal situation.
ppalaga commented on PR #4902:
URL: https://github.com/apache/camel-quarkus/pull/4902#issuecomment-1573376243
You mean I should file an issue on Xalan? - no problem, let me do it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHu
ppalaga commented on PR #4902:
URL: https://github.com/apache/camel-quarkus/pull/4902#issuecomment-1573366856
Let's propose it in Xalan then. Should I help with formulating why we need
it?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log o
ppalaga commented on PR #4902:
URL: https://github.com/apache/camel-quarkus/pull/4902#issuecomment-1573359336
@zhfeng could you please try changing the constructor of
`ByteArrayClassLoader` so that it uses something like
`super(Thread.currentThread().getContextClassLoader() != null ?
Threa
ppalaga commented on PR #4902:
URL: https://github.com/apache/camel-quarkus/pull/4902#issuecomment-1551986513
I was able to do some hacks to make the XML security test pass - see
https://github.com/ppalaga/camel-quarkus/commits/pr4902
I unfortunately have no more time fix the failing XML
ppalaga commented on PR #4902:
URL: https://github.com/apache/camel-quarkus/pull/4902#issuecomment-1551181775
> what is missing so that the pipeline succeeds?
Let me have a look
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on
ppalaga commented on PR #4902:
URL: https://github.com/apache/camel-quarkus/pull/4902#issuecomment-1551124005
> There is, however, a major concern here:
[CVE-2022-34169](https://nvd.nist.gov/vuln/detail/CVE-2022-34169). For me, it
is unclear whether the issue is **actually** fixed in `2.7.3
