Update of fop

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Update of fop

Lars Teuber
Hi,

There is a security issue in Xalan < 2.7.2, see:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0107

Are there plans to update fop to the new version or is it possible /
recommended to just update the jar file?

Best regards
Lars

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Update of fop

Chris Bowditch
Hi Lars,

Please log a JIRA to update the Xalan version shipped with FOP. Its not
a difficult change, but let's add it to the list so its not forgotten.

In the meantime, changing the JAR file manually in the lib folder is a
simple enough workaround

Thanks,

Chris

On 09/11/2015 15:19, Lars Teuber wrote:

> Hi,
>
> There is a security issue in Xalan < 2.7.2, see:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0107
>
> Are there plans to update fop to the new version or is it possible /
> recommended to just update the jar file?
>
> Best regards
> Lars
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]