Thank you John Appreciate your quick response on this . Thanks & Regards, Afrina Alam Senior Product Architect - IGNITE Quality Platform GBS Quality Engineering (IGNITE) | IBM Services Mobile : +919590751286 | Email : ***@***.******@***.***> Slack : @***. Webex : https://ibm.webex.com/meet/afrialam Linked : https://www.linkedin.com/in/afrina-alam/ From: John Bauer ***@***.***> Date: Wednesday, 11 January 2023 at 2:12 PM To: stanfordnlp/CoreNLP ***@***.***> Cc: Afrina Alam *@.>, Comment @*.> Subject: [EXTERNAL] Re: [stanfordnlp/CoreNLP] Switching from Xalan to a secure alternative (Issue #1302) Is this because of xom? I don't think we use xalan directly. [john@ localhost CoreNLP]$ find src -name "java" -exec grep -H --ignore-case "xalan" "{}" ";" [john@ localhost CoreNLP]$ If so, please see: #1264 I hope to make a new release end of ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. ZjQcmQRYFpfptBannerEnd Is this because of xom? I don't think we use xalan directly. ***@. CoreNLP]$ find src -name "java" -exec grep -H --ignore-case "xalan" "{}" ";" ***@. CoreNLP]$ If so, please see: #1264 < #1264 > I hope to make a new release end of next week or start of the week after. There are a couple other changes I need to discuss with my PI, and I don't think we'll meet until then. In the meantime, you can compile from the dev branch if this is critical — Reply to this email directly, view it on GitHub<#1302 (comment)>, or unsubscribe< https://github.com/notifications/unsubscribe-auth/ASBYL4IH463IBFS46ZB7IH3WRZXAFANCNFSM6AAAAAAQLRTFVE >. You are receiving this because you commented.Message ID: ***@.>
8条答案
按热度按时间zz2j4svz1#
Any Update team on this ..?? This is critical from vulnerabilities perspective
omtl5h9j2#
这是因为xom吗?我不认为我们直接使用xalan。
如果是这样,请查看:#1264
我希望在下周结束或下周开始时发布一个新版本。还有其他一些更改需要与我的PI讨论,我不认为我们会在那之前见面。在此期间,如果您觉得这是关键问题,可以从开发分支进行编译。
0tdrvxhp3#
Thank you John Appreciate your quick response on this . Thanks & Regards, Afrina Alam Senior Product Architect - IGNITE Quality Platform GBS Quality Engineering (IGNITE) | IBM Services Mobile : +919590751286 | Email : ***@***.******@***.***> Slack : @***. Webex : https://ibm.webex.com/meet/afrialam Linked : https://www.linkedin.com/in/afrina-alam/ From: John Bauer ***@***.***> Date: Wednesday, 11 January 2023 at 2:12 PM To: stanfordnlp/CoreNLP ***@***.***> Cc: Afrina Alam *@.>, Comment @*.> Subject: [EXTERNAL] Re: [stanfordnlp/CoreNLP] Switching from Xalan to a secure alternative (Issue #1302) Is this because of xom? I don't think we use xalan directly. [john@ localhost CoreNLP]$ find src -name "java" -exec grep -H --ignore-case "xalan" "{}" ";" [john@ localhost CoreNLP]$ If so, please see: #1264 I hope to make a new release end of ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. ZjQcmQRYFpfptBannerEnd Is this because of xom? I don't think we use xalan directly. ***@. CoreNLP]$ find src -name "java" -exec grep -H --ignore-case "xalan" "{}" ";" ***@. CoreNLP]$ If so, please see: #1264 < #1264 > I hope to make a new release end of next week or start of the week after. There are a couple other changes I need to discuss with my PI, and I don't think we'll meet until then. In the meantime, you can compile from the dev branch if this is critical — Reply to this email directly, view it on GitHub<#1302 (comment)>, or unsubscribe< https://github.com/notifications/unsubscribe-auth/ASBYL4IH463IBFS46ZB7IH3WRZXAFANCNFSM6AAAAAAQLRTFVE >. You are receiving this because you commented.Message ID: ***@.>
yh2wf1be4#
4.5.2现在有一个更新的xom依赖。您是否需要检查它是否符合您的需求?
ppcbkaq55#
在阅读those comments后,我将xalan从我的依赖项中排除。现在它不再显示了。
gmol16396#
看起来xalan仍然被包含在xom 1.3.8的依赖中。xom已经发布了1.3.9版本,完全移除了对xalan的依赖。请更新到xom 1.3.9。
ryhaxcpt7#
这已经是我们在开发分支中的事情了:
c8772b7
我们将在几周后发布一个更新版本。我们之前使用CoreNLP的项目有一些清理工作需要完成,我们希望同时发布这个项目。
7xllpg7q8#
他们几个月前发布了一个新的Xalan,我们发现SUTime中有一些特定的东西期待着XSLT,所以我们只是将其与最新的CoreNLP版本的Xalan修复版本一起保留。如果这仍然令人不满意,请告知我们