Cantor, Scott
2016-06-14 15:02:54 UTC
I have prepared a release candidate for 3.1.4 that fixes some outstanding bugs. My ETA for release is around the end of the month. I haven't checked over the generated HTML pages in the tarballs yet, so I probably will do a second RC before calling for a vote maybe around the end of next week, just to fix any missing doc changes. Code is frozen at this point barring feedback.
https://dist.apache.org/repos/dist/dev/xerces/c/3/sources/
This patch release includes a new security feature you can test. You can disable DTD processing (and cause the parser to error out) by setting an environment variable, XERCES_DISABLE_DTD=1. This was done in that less-than-ideal manner because of the desire to maintain ABI compatibility, while at the same time allowing applications that don't need DTD support to insulate themselves from a large class of bugs and attacks.
-- Scott
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-***@xerces.apache.org
For additional commands, e-mail: c-dev-***@xerces.apache.org
https://dist.apache.org/repos/dist/dev/xerces/c/3/sources/
This patch release includes a new security feature you can test. You can disable DTD processing (and cause the parser to error out) by setting an environment variable, XERCES_DISABLE_DTD=1. This was done in that less-than-ideal manner because of the desire to maintain ABI compatibility, while at the same time allowing applications that don't need DTD support to insulate themselves from a large class of bugs and attacks.
-- Scott
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-***@xerces.apache.org
For additional commands, e-mail: c-dev-***@xerces.apache.org