CoreNLP 从Xalan切换到安全的替代方案 ```markdown 从Xalan切换到安全的替代方案 ```

dxpyg8gm  于 5个月前  发布在  其他
关注(0)|答案(8)|浏览(72)

核心NLP在latest version中使用xalan:xalan作为依赖关系,已知存在几个漏洞。由于该项目已被弃用,不再提供修复。
建议切换到仍在维护的替代方案。一个替代方案是Saxon XSLT,因为它似乎是Xalan项目的继任者。

zz2j4svz

zz2j4svz1#

Any Update team on this ..?? This is critical from vulnerabilities perspective

omtl5h9j

omtl5h9j2#

这是因为xom吗?我不认为我们直接使用xalan。
如果是这样,请查看:#1264
我希望在下周结束或下周开始时发布一个新版本。还有其他一些更改需要与我的PI讨论,我不认为我们会在那之前见面。在此期间,如果您觉得这是关键问题,可以从开发分支进行编译。

0tdrvxhp

0tdrvxhp3#

Thank you John Appreciate your quick response on this . Thanks & Regards, Afrina Alam Senior Product Architect - IGNITE Quality Platform GBS Quality Engineering (IGNITE) | IBM Services Mobile : +919590751286 | Email : ***@***.******@***.***> Slack : @***. Webex : https://ibm.webex.com/meet/afrialam Linked : https://www.linkedin.com/in/afrina-alam/ From: John Bauer ***@***.***> Date: Wednesday, 11 January 2023 at 2:12 PM To: stanfordnlp/CoreNLP ***@***.***> Cc: Afrina Alam *@.>, Comment @*.> Subject: [EXTERNAL] Re: [stanfordnlp/CoreNLP] Switching from Xalan to a secure alternative (Issue #1302) Is this because of xom? I don't think we use xalan directly. [john@ localhost CoreNLP]$ find src -name "java" -exec grep -H --ignore-case "xalan" "{}" ";" [john@ localhost CoreNLP]$ If so, please see: #1264 I hope to make a new release end of ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. ZjQcmQRYFpfptBannerEnd Is this because of xom? I don't think we use xalan directly. ***@. CoreNLP]$ find src -name "java" -exec grep -H --ignore-case "xalan" "{}" ";" ***@. CoreNLP]$ If so, please see: #1264 < #1264 > I hope to make a new release end of next week or start of the week after. There are a couple other changes I need to discuss with my PI, and I don't think we'll meet until then. In the meantime, you can compile from the dev branch if this is critical — Reply to this email directly, view it on GitHub<#1302 (comment)>, or unsubscribe< https://github.com/notifications/unsubscribe-auth/ASBYL4IH463IBFS46ZB7IH3WRZXAFANCNFSM6AAAAAAQLRTFVE >. You are receiving this because you commented.Message ID: ***@.>

yh2wf1be

yh2wf1be4#

4.5.2现在有一个更新的xom依赖。您是否需要检查它是否符合您的需求?

ppcbkaq5

ppcbkaq55#

在阅读those comments后,我将xalan从我的依赖项中排除。现在它不再显示了。

gmol1639

gmol16396#

看起来xalan仍然被包含在xom 1.3.8的依赖中。xom已经发布了1.3.9版本,完全移除了对xalan的依赖。请更新到xom 1.3.9。

ryhaxcpt

ryhaxcpt7#

这已经是我们在开发分支中的事情了:
c8772b7
我们将在几周后发布一个更新版本。我们之前使用CoreNLP的项目有一些清理工作需要完成,我们希望同时发布这个项目。

7xllpg7q

7xllpg7q8#

他们几个月前发布了一个新的Xalan,我们发现SUTime中有一些特定的东西期待着XSLT,所以我们只是将其与最新的CoreNLP版本的Xalan修复版本一起保留。如果这仍然令人不满意,请告知我们

相关问题