[FOP-3053] Security Vulnerability with Xerces version <= 2.12.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.7
Fix Version/s: 2.8
Component/s: None
Labels:
None

Description

FOP needs to reference Xerces 2.12.2, which fixes vulnerability:

https://nvd.nist.gov/vuln/detail/CVE-2022-23437

FOP 2.7 is still using vulneable Xerces 2.12.1.

Attachments

Activity

People

Assignee:: Simon Steiner

Reporter:: Hugo L R Prioli

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11/Feb/22 17:23

Updated:: 14/Feb/22 09:45

Resolved:: 14/Feb/22 09:45