Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

upgrade xerces to 2.12.2 (backport v1.13.x) #2499

Merged
merged 1 commit into from
Apr 6, 2022

Conversation

flavorjones
Copy link
Member

@flavorjones flavorjones commented Apr 5, 2022

What problem is this PR intended to solve?

Upgrade xerces to 2.12.2 to address GHSA-h65f-jvqw-m9fj. This is a backport to the v1.13.x branch. XercesJ 2.12.2 is a bugfix release that includes important fixes, including a parsing performance issue and a bug in the regex implementation.

See also #2441 and #2482. Note that this upgrade is more explicit on main (for v1.14.x) because that version uses jar-dependencies and maven under the hood. On v1.13.x, we just drop a new jar in. It's not great but will have to do for the patch release.

cc @jsvd

Backport to v1.13.x of the work described at #2441
@flavorjones flavorjones merged commit ba7a28c into v1.13.x Apr 6, 2022
@flavorjones flavorjones deleted the 2441-xerces-2.12.2-backport-v1.13.x branch April 6, 2022 15:05
@flavorjones flavorjones added this to the v1.13.x patch releases milestone Apr 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant