Re: [EXTERNAL] BlazeDS release

2022-09-14 Thread Piotr Zarzycki
old > -delete classes 1,2 > -modify classes 3,4 , > Optionally modify classes :flex.messaging.config.ServicesDependencies.java > and flex.messaging.config.FlexConfigurationManager.java > > > > Spiros > > > > > -Original Message- > From: Piotr Zarzycki [mailto:piotrza

RE: [EXTERNAL] BlazeDS release

2022-09-05 Thread spiros
: Piotr Zarzycki [mailto:piotrzarzyck...@gmail.com] Sent: Tuesday, August 30, 2022 9:57 AM To: dev@flex.apache.org Subject: Re: [EXTERNAL] BlazeDS release Maybe there is some replacement for both of that ? What do you think ? pt., 26 sie 2022 o 12:53 Piotr Zarzycki napisał(a): > Hi g

Re: [EXTERNAL] BlazeDS release

2022-08-30 Thread Piotr Zarzycki
>>> getting it when I started the branch. So, I would advise to look, if a >>> newer version is available and simply switch to that. If you need help with >>> that … give me a ping. Should be a matter of 5 minutes. >>> >>> Chris >>>

Re: [EXTERNAL] BlazeDS release

2022-08-26 Thread Piotr Zarzycki
vulnerability, as I wasn’t getting >> it when I started the branch. So, I would advise to look, if a newer >> version is available and simply switch to that. If you need help with that >> … give me a ping. Should be a matter of 5 minutes. >> >> Chris >> >> >&

Re: [EXTERNAL] BlazeDS release

2022-08-22 Thread Piotr Zarzycki
ex.apache.org , Brian Raymes < > brian.ray...@teotech.com> > Subject: Re: [EXTERNAL] BlazeDS release > The issue there is when processing malicious XSLT. > > We don't pass untrusted XSLT to it ? > > Tom > > On 15/08/2022 22:36, Brian Raymes wrote: > > Seems lik

Re: [EXTERNAL] BlazeDS release

2022-08-16 Thread Christofer Dutz
To: dev@flex.apache.org , Brian Raymes Subject: Re: [EXTERNAL] BlazeDS release The issue there is when processing malicious XSLT. We don't pass untrusted XSLT to it ? Tom On 15/08/2022 22:36, Brian Raymes wrote: > Seems like those dependencies need to be replaced due to vulnerabilit

Re: [EXTERNAL] BlazeDS release

2022-08-16 Thread Tom Chiverton
The issue there is when processing malicious XSLT. We don't pass untrusted XSLT to it ? Tom On 15/08/2022 22:36, Brian Raymes wrote: Seems like those dependencies need to be replaced due to vulnerabilities, as the Apache Xalan project has been retired:

RE: [EXTERNAL] BlazeDS release

2022-08-15 Thread Brian Raymes
Seems like those dependencies need to be replaced due to vulnerabilities, as the Apache Xalan project has been retired: https://github.com/advisories/GHSA-9339-86wc-4qgf -Original Message- From: Piotr Zarzycki Sent: Sunday, August 14, 2022 3:26 AM To: dev@flex.apache.org Subject: