[wtp-dev] org.apache.xerces_2.9.0 vulnerability issues in WTP

Andrew Tram via wtp-dev Thu, 01 Dec 2022 08:47:57 -0800

Hi,

Our team have encountered a few vulnerability issues pertaining to 
org.apache.xerces_2.9.0.v201101211617:


CVE-2022-23437<https://nvd.nist.gov/vuln/detail/CVE-2022-23437>
CVE-2012-0881<https://nvd.nist.gov/vuln/detail/CVE-2012-0881>
CVE-2009-2625<https://nvd.nist.gov/vuln/detail/CVE-2009-2625>

We have Eclipse products that are both on Photon, which contains these 
vulnerability issues.

https://archive.eclipse.org/webtools/downloads/drops/R3.10.0/R-3.10.0-20180611164516/repository

Is there is possible to remediate these issues by updating Xerces2 to 2.12.2, 
which was first included in WTP R3.25.0?

Thanks,

Andrew Tram
Advisory DevOps Engineer and Release Manager
Dev & Pipeline - IBM Z
andrew.t...@ibm.com<mailto:andrew.t...@ibm.com>
Slack<https://ibm-systems-z.slack.com/team/W8FEYD6G1> | 
LinkedIn<http://www.linkedin.com/in/andrewtram91>

IBM

_______________________________________________
wtp-dev mailing list
wtp-dev@eclipse.org
To unsubscribe from this list, visit 
https://www.eclipse.org/mailman/listinfo/wtp-dev

[wtp-dev] org.apache.xerces_2.9.0 vulnerability issues in WTP

Reply via email to