I would be happy to help with the communications. Has someone
validated that XML Parser is is not in the Eclipse packages?
btw, should this be sent to the Eclipse security team?
On 12/6/2017 2:37 AM, Mickael Istria
This piece of news is spreading very fast on social media.
As far as I understand (and I may be wrong), the security
flaw mentioned here isn't in Eclipse IDE itself but in ADT
or some other piece of Android SDK.
So basically, Eclipse IDE has once again its image hurt by
an issue in ADT...
If this happens to be the case, it would be interesting to
have the Eclipse Foundation sending a PR to explain that
Eclipse IDE itself is fine, and is open for extensions, and
that security flaws in extensions are only the responsibility
of extension providers; and warn against this kind of message
which tends to blame the wrong layer.
ide-dev mailing list
To change your delivery options, retrieve your password, or unsubscribe from this list, visit