Re: Review request about pom.xml in JAX-WS ri

From: Romain Grecourt <romain.grecourt_at_oracle.com>
Date: Wed, 24 Jul 2013 11:46:33 +0200

Shouldn't this be reviewed at dev_at_metro.java.net ?

Thanks,
Romain

On 7/24/13 3:36 AM, shihua guo wrote:
> Hi all,
>
> We are fixing XML DoS security vulnerability bugs on Metro, including
> Bug 16999151, Bug 16999177, Bug 16999195. Upgrading Woodstox from
> 4.1.2 to 4.2.0 on JAX-WS RI is required for fixing these XML DoS Bugs.
> Please review the changes in pom.xml below (the base directory is
> https://svn.java.net/svn/jax-ws~sources/branches/jaxws22/jaxws-ri
> <https://svn.java.net/svn/jax-ws%7Esources/branches/jaxws22/jaxws-ri>):
>
> Index: boms/bom-ext/pom.xml
> ===================================================================
> --- boms/bom-ext/pom.xml (revision 14094)
> +++ boms/bom-ext/pom.xml (working copy)
> @@ -64,7 +64,8 @@
> <eclipselink.version>2.4.0</eclipselink.version>
> <junit.version>3.8.1</junit.version>
> <mail.version>1.4.5</mail.version>
> - <servlet-api.version>3.0.1</servlet-api.version>
> + <servlet-api.version>3.0.1</servlet-api.version>
> + <woodstox-core-asl.version>4.2.0</woodstox-core-asl.version>
> </properties>
>
> <dependencyManagement>
> Index: boms/bom/pom.xml
> ===================================================================
> --- boms/bom/pom.xml (revision 14094)
> +++ boms/bom/pom.xml (working copy)
> @@ -113,7 +113,6 @@
> <saaj-impl.version>1.3.21</saaj-impl.version>
> <streambuffer.version>1.5.3</streambuffer.version>
> <stax2-api.version>3.1.1</stax2-api.version>
> - <woodstox-core-asl.version>4.1.2</woodstox-core-asl.version>
> <javax.annotation-api.version>1.2-b03</javax.annotation-api.version>
> </properties>
>
> Thanks and best regards,
> Eric