I read:

Issues Jan-02: our current SAX and JAXP code may not pass the current J2EE CTS test suite, since we have bugfixes
above what those CTS tests mandate. If you don't know what that is, you don't care; otherwise ask on commons-dev for
an update.

So ... I'm asking for an update! :)

First, does that Jan-02 mean the second day of January this year, or, the Month of January in the year 2002 ... in which case,
I'd assume the comment is completely out of date?

My _real_ reason for asking, is I would like to confirm or disconfirm that the code in xml-apis.jar is the exact same code that would be
available from it's original sources,

From a quick analysis, for example, when I look at the SAX code from
and compare it to the SAX code from
2.0.2 (sax2r3)
There is two extra files in the apache version:
SecuritySupport.java, and

So ... I'm wondering, does this sound right? Hava I made a mistake and they really are supposed to be the same?

Would there be similar small differences in the org.w3c.dom packages and javax.xml packages?

Is there any where these differences are explained or documtned?

And ... the _real_ reason I want to know all this, is I am working on creating OSGi bundles for use with Eclipse.
And, my end-goal is (mostly) to use the xerces implementation. In which case, I assume I would _have_ to use the
sax APIs from Apache not their original source. And, if I do that, any advice on how I should represent the _version_ of those
sax APIs? Version (just to sort of reflect it came from xml-commons version 1.3.04?

Any advice welcome.