OFBiz › OFBiz - Commits

svn commit: r1730882 - in /ofbiz/trunk: framework/base/lib/ specialpurpose/cmssite/template/docbook/extensions/

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

1 message

jleroux@apache.org

svn commit: r1730882 - in /ofbiz/trunk: framework/base/lib/ specialpurpose/cmssite/template/docbook/extensions/

Author: jleroux
Date: Wed Feb 17 17:29:40 2016
New Revision: 1730882

URL: http://svn.apache.org/viewvc?rev=1730882&view=rev
Log:
In framework/base/lib/ updates Xalan from 2.7.1 to 2.7.2 because of CVE-2014-0107 (was fixed at XALANJ-2435) - https://issues.apache.org/jira/browse/OFBIZ-6905
This implies to update also Xerces from 2.9.1 to 2.11.0 and also xml-apis from 2.9.1 to 1.4.01 (2.9.1 was a wrong version number. It was actually part of the Xerces 2.9.1 package but I was unable to find the real version number then at https://xerces.apache.org/xerces2-j/releases.html)

Also updates Xalan from 27(?) to 2.7.2 in cmssite/template/docbook/extensions. I rendered https://localhost:8443/cmssite/cms/APACHE_OFBIZ_HTML w/o issues

Note: According to the DOM Level 3 specification and DOM Level 2 errata the createElementNS and createAttributeNS methods convert empty string namespaceURI to null.

jleroux: though the tests pass I'm not sure all is covered...

Added:
ofbiz/trunk/framework/base/lib/xalan-2.7.2.jar (with props)
ofbiz/trunk/framework/base/lib/xercesImpl-2.11.0.jar (with props)
ofbiz/trunk/framework/base/lib/xml-apis-1.4.01.jar (with props)
ofbiz/trunk/specialpurpose/cmssite/template/docbook/extensions/xalan-2.7.2.jar (with props)
Removed:
ofbiz/trunk/framework/base/lib/xalan-2.7.1.jar
ofbiz/trunk/framework/base/lib/xercesImpl-2.9.1.jar
ofbiz/trunk/framework/base/lib/xml-apis-2.9.1.jar
ofbiz/trunk/specialpurpose/cmssite/template/docbook/extensions/xalan27.jar

Added: ofbiz/trunk/framework/base/lib/xalan-2.7.2.jar
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/lib/xalan-2.7.2.jar?rev=1730882&view=auto
==============================================================================
Binary file - no diff available.

Propchange: ofbiz/trunk/framework/base/lib/xalan-2.7.2.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream

Added: ofbiz/trunk/framework/base/lib/xercesImpl-2.11.0.jar
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/lib/xercesImpl-2.11.0.jar?rev=1730882&view=auto
==============================================================================
Binary file - no diff available.

Propchange: ofbiz/trunk/framework/base/lib/xercesImpl-2.11.0.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream

Added: ofbiz/trunk/framework/base/lib/xml-apis-1.4.01.jar
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/lib/xml-apis-1.4.01.jar?rev=1730882&view=auto
==============================================================================
Binary file - no diff available.

Propchange: ofbiz/trunk/framework/base/lib/xml-apis-1.4.01.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream

Added: ofbiz/trunk/specialpurpose/cmssite/template/docbook/extensions/xalan-2.7.2.jar
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/cmssite/template/docbook/extensions/xalan-2.7.2.jar?rev=1730882&view=auto
==============================================================================
Binary file - no diff available.

Propchange: ofbiz/trunk/specialpurpose/cmssite/template/docbook/extensions/xalan-2.7.2.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream