OpenLiberty / open-liberty

Open Liberty is a highly composable, fast to start, dynamic application server runtime environment
https://openliberty.io
Eclipse Public License 2.0

Update the Apache Xalan library to the latest version 2.7.3 #28607

Open seshadhri-aswath opened 3 months ago

seshadhri-aswath commented 3 months ago

The Apache Xalan Java XSLT library 2.7.2 is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. Work was done in [https://github.com/OpenLiberty/open-liberty/pull/22150] to exclude the packages from shipping. Since version 2.7.3 was released with a fix, we are updating the dependencies to use the newer version 2.7.3.

seshadhri-aswath commented 2 months ago

An Open-Liberty Issue 28798 to investigate and re-enable the failing test - testBothjdkSourceLevelAndjavaSourceLevel due to a problem related to Java security Privileged Action exception.