Re: [cross-project-issues-dev] [External] : Re: Potential vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [cross-project-issues-dev] [External] : Re: Potential vulnerability in Apache Xerces 1.12.1 (CVE-2022-23437)

From: Lukas Jungmann <lukas.jungmann@xxxxxxxxxx>
Date: Thu, 27 Jan 2022 12:55:28 +0100
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YNKhpCbA0kiIp4GnCVfMKCVRp721d3agrg/NF/jEExA=; b=cLoi1GuuMdiEkyZqt3/enj9aJrWlh3XCW6JjESqv19EMDiBJLy6ZQ2gA4s6gDHAy5dsKiYc5HuiRaR2HCjzUz5zAs9OSVzUyUaJKZ84GqpQiw7Wj/9OAUMMXJ2T32eAeWtxRPD4yPrSKHBUquTpultEwzxt+USvAj4Qty8REq4zN5NUTSGlXijd1rNiYyNBpiTH1ImfP4ZDfopzc3jFi/KrEOMTMq+ulD6NPP+L/SGdIgAInVJCXa5/XKQYMsNNaIsjd9bSuwFb1izyS78Qfjv4TRCwCY4T8NygQXKsDqFS0rSjkceiSzcDJOFmN5XqkDJ/LWHxGVXxQH69Ku2cMcA==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LSP1vR+Lj47HsqzCAsw5678Hb1o4zZOsYQ5KKkO/Un4MsXRqdGECuFvSXlwBRLUzV177NPpMbZKb0A7sA3bD7sE4eND4ydm/sUyt35MEptmVHxujYJPTDKuDoYSuKVGPg0EqDnFJMpFKjB/RTL5m6vVomlBmv3CJy+bCOb/CagBceen99o5igi44z4SGmIv82xOc3fNh4HS1kGyBlEgxFXyyJmnMhTuWpHFNsi4pNBjAJ5md8236MozlAwbmfiVhoT7Bh/z3iSF7S0rjIF+96RrbSodxTw1JLUgS+K4xT+9uy1jUKYtdVegxYCC6tgvTdyFTSVUeCqcN5K5OS5txFw==
Delivered-to: cross-project-issues-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/cross-project-issues-dev/>
List-help: <mailto:cross-project-issues-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev>, <mailto:cross-project-issues-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/cross-project-issues-dev>, <mailto:cross-project-issues-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.5.1

On Wed, Jan 26, 2022 at 5:02 PM Wayne Beaton<wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx<mailto:wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx>> wrote:
    If anybody from EclipseLink is monitoring this channel, you have a
    CQ for this library, but I haven't found it in your builds yet. You
    should probably also have a look.


In active releases, EclipseLink no longer uses/ships xerces.

thanks,
--lukas

References:
- [cross-project-issues-dev] Potential vulnerability in Apache Xerces 1.12.1 (CVE-2022-23437)
  - From: Wayne Beaton
- Re: [cross-project-issues-dev] Potential vulnerability in Apache Xerces 1.12.1 (CVE-2022-23437)
  - From: Nitin Dahyabhai

Prev by Date: Re: [cross-project-issues-dev] Potential vulnerability in Apache Xerces 1.12.1 (CVE-2022-23437)
Next by Date: Re: [cross-project-issues-dev] Potential vulnerability in Apache Xerces 1.12.1 (CVE-2022-23437)
Previous by thread: Re: [cross-project-issues-dev] Potential vulnerability in Apache Xerces 1.12.1 (CVE-2022-23437)
Next by thread: [cross-project-issues-dev] Anyone with ruby skills willing to help getting maven-target support for dependabot?
Index(es):
- Date
- Thread

Breadcrumbs