Uploaded image for project: 'Camel'
  1. Camel
  2. CAMEL-18346

Remove use of Xalan

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 3.18.3, 3.19.0
    • build system
    • None
    • Unknown

    Description

      Xalan-J has an unfixed CVE. It is possible that this will be fixed in the future but Xalan-J has had only one release since 2008 (in 2014).

      https://www.cvedetails.com/cve/CVE-2022-34169/

      Java has built-in support for TransformerFactory and XPathFactory. This means most apps that use Xalan-J can readily switch away. Saxon-HE is another well maintained alternative.

      Places where Camel still uses Xalan:

      There are profiles for testing in a number of poms:
      eg https://github.com/apache/camel/blob/main/core/camel-core-engine/pom.xml#L325

      Attachments

        Activity

          People

            tcunning Thomas Cunningham
            pj.fanning PJ Fanning
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: