poi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From uschind...@apache.org
Subject svn commit: r6192 - /release/poi/release/RELEASE-NOTES.txt
Date Mon, 18 Aug 2014 17:00:23 GMT
Author: uschindler
Date: Mon Aug 18 17:00:23 2014
New Revision: 6192

Add note about older XERCES versions to release notes


Modified: release/poi/release/RELEASE-NOTES.txt
--- release/poi/release/RELEASE-NOTES.txt (original)
+++ release/poi/release/RELEASE-NOTES.txt Mon Aug 18 17:00:23 2014
@@ -18,7 +18,9 @@ This release is a bugfix release to fix 
 Please note: You should use xmlbeans-2.6.jar (as shipped with this release)
 instead of the xmlbeans-2.3.jar version from the 3.10-FINAL release to work
-around CVE-2014-3574.
+around CVE-2014-3574. If you have an alternate XML parser like Apache Xerces
+in classpath, be sure to use a recent version! Older versions are likely to
+break on setting required security features.
 A full list of changes is available in the change log: http://poi.apache.org/changes.html.

 People interested should also follow the dev mailing list to track further progress.

To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org

View raw message