Skip to content

Commit

Permalink
[security] update xalan version including explicit reference to seria…
Browse files Browse the repository at this point in the history 
…lizer
  • Loading branch information
@dizzzz
dizzzz committed Jul 10, 2023
1 parent ee221f5 commit bd90f8d
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 2 deletions.
10 changes: 8 additions & 2 deletions exist-core/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -364,7 +364,7 @@
<dependency>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.3</version> <!-- needed at compile time for various dependencies -->
<version>${xalan.version}</version> <!-- needed at compile time for various dependencies -->
<exclusions>
<exclusion> <!-- conflicts with Java 17's javax.xml module -->
<groupId>xml-apis</groupId>
Expand All @@ -373,6 +373,12 @@
</exclusions>
</dependency>

<dependency>
<groupId>xalan</groupId>
<artifactId>serializer</artifactId>
<version>${xalan.version}</version>
</dependency>

<dependency>
<groupId>net.sf.saxon</groupId>
<artifactId>Saxon-HE</artifactId>
Expand Down Expand Up @@ -989,7 +995,7 @@ The BaseX Team. The original license statement is also included below.]]></pream
<ignoredUnusedDeclaredDependency>org.apache.logging.log4j:log4j-jcl:jar:${log4j.version}</ignoredUnusedDeclaredDependency>
<ignoredUnusedDeclaredDependency>org.apache.logging.log4j:log4j-slf4j2-impl:jar:${log4j.version}</ignoredUnusedDeclaredDependency>
<ignoredUnusedDeclaredDependency>org.apache.logging.log4j:log4j-jul:jar:${log4j.version}</ignoredUnusedDeclaredDependency>

<ignoredUnusedDeclaredDependency>xalan:serializer:jar:${xalan.version}</ignoredUnusedDeclaredDependency>
<ignoredUnusedDeclaredDependency>org.eclipse.angus:angus-activation:jar:${eclipse.angus-activation.version}</ignoredUnusedDeclaredDependency>
<ignoredUnusedDeclaredDependency>org.glassfish.jaxb:jaxb-runtime:jar:${jaxb.impl.version}</ignoredUnusedDeclaredDependency>
<ignoredUnusedDeclaredDependency>org.fusesource.jansi:jansi:jar:2.4.0</ignoredUnusedDeclaredDependency>
Expand Down
1 change: 1 addition & 0 deletions exist-parent/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,7 @@
<milton.version>1.8.1.3</milton.version>
<milton.servlet.version>1.8.1.3-jakarta5</milton.servlet.version>
<saxon.version>9.9.1-8</saxon.version>
<xalan.version>2.7.3</xalan.version>
<xmlresolver.version>4.6.4</xmlresolver.version>
<xmlunit.version>2.9.1</xmlunit.version>
<junit.version>4.13.2</junit.version>
Expand Down

0 comments on commit bd90f8d

Please sign in to comment.