users@jersey.java.net

Re: [Jersey] SAXParserContextProvider and secure-processing Exception

From: Tatu Saloranta <tsaloranta_at_gmail.com>
Date: Wed, 30 Dec 2009 10:35:28 -0800

On Wed, Dec 30, 2009 at 5:35 AM, Cemo Koc <cem.koc.fwd_at_gmail.com> wrote:
>
> Dear Paul,
>
> I understood the problem thanks to you again... The bank we are cooperating with gave
> us a payment library, but now I can see that they included a Xerces
> implementation inside their jar, unfortunately. I am not sure what I
> should do to solve this problem. And of course it can cause a lot of other

Ask them to fix the problem: they should not be bundling up
unnecessary jars within their libraries.
And in this case doing that will cause problems that they should fix.

Given that you are dealing with developers of a financial institution,
I would suggest you point the specific error message out to them, if they need
convincing of the importance of removing the obsolete version of Xerces.
The rate of development with such institutions may be glacial, but
they generally acknowledge the importance of security-related aspects. :-)
("... I can use your library, but the error message indicates that
this would be a security risk, so I really need a written statement to
confirm that this is an acceptable risk for the project...")

-+ Tatu +-
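As an added diagnostic for readers of this thread (not code from Tatu, Cemo, Jersey or the bank's library): the snippet below shows which SAXParserFactory implementation the JAXP lookup resolved to on the current classpath, which jar it was loaded from, and whether that parser accepts the secure-processing feature that Jersey's SAXParserContextProvider enables. Run it with the third-party jar on the classpath; the class name and jar location it prints are what you would hand to the library's owners together with the exception text. The class name SaxFactoryCheck and the helper locationOf are my own choices.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import java.net.URL;
import java.security.CodeSource;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;

/**
 * Added diagnostic (not part of the original thread): reports which
 * SAXParserFactory implementation JAXP picked, where it came from, and
 * whether it honours XMLConstants.FEATURE_SECURE_PROCESSING.
 */
public class SaxFactoryCheck {

    public static void main(String[] args) {
        // JAXP service lookup: a bundled parser in a third-party jar can win here
        // over the JDK's own Xerces, depending on classpath order.
        SAXParserFactory factory = SAXParserFactory.newInstance();
        Class<?> impl = factory.getClass();
        System.out.println("SAXParserFactory implementation: " + impl.getName());
        System.out.println("Loaded from: " + locationOf(impl));

        try {
            // This is the feature Jersey's SAXParserContextProvider turns on.
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            System.out.println("Secure processing: supported");
        } catch (SAXNotRecognizedException e) {
            // An obsolete Xerces does not know the feature name at all.
            System.out.println("Secure processing NOT recognised by this parser: " + e);
            System.out.println("Ask the jar's owner to drop the bundled parser, or keep it off the classpath.");
        } catch (SAXNotSupportedException e) {
            // The parser knows the feature but refuses to enable it.
            System.out.println("Secure processing NOT supported by this parser: " + e);
        } catch (ParserConfigurationException e) {
            System.out.println("Parser configuration error: " + e);
        }
    }

    /** Returns the jar (or directory) a class was loaded from, or a note if unknown. */
    static String locationOf(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        if (cs == null) {
            return "(bootstrap class loader / JDK built-in parser)";
        }
        URL url = cs.getLocation();
        return url == null ? "(unknown)" : url.toString();
    }
}
```

If the printed location is the bank's jar rather than the JDK, that confirms the bundled parser is shadowing the platform one; the fix belongs with the jar's owners, and until they deliver it the safest interim measure is to keep that jar from providing the parser (for example by ensuring the platform parser is found first) rather than disabling secure processing in Jersey.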