Re: [xsl] Saxon vulnerability

Subject: Re: [xsl] Saxon vulnerability
From: "Michael Kay michaelkay90@xxxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 7 Mar 2025 21:57:17 -0000
> Is a call to parse-xml being done "behind the scene" by any popular
> applications that might be using Saxon internally, such as Oxygen and/or some
> XSLT/XPath extensions to VS.Code?
>
> If so, we should probably also be cautious to use these, before this
> vulnerability has been fixed and they confirm that they are no longer using
> the affected previous versions of Saxon.
>

It's only relevant if stylesheet or query code is allowed to be executed on a
machine that's not controlled by the stylesheet or query author, so most
development environments are unlikely to be affected.

Michael Kay
Saxonica
