Skip to content

Release 2.1.1
Compare
Choose a tag to compare
@siimsuu1 siimsuu1 released this 09 Nov 13:22
· 600 commits to master since this release
public-2.1.1
7c3e981

Summary of the major changes since 2.1.0

  • Updated dependency libraries to latest versions for security purposes
  • Started to use DSS version 5.2.1 (sd-dss.5.2.d4j.4)

Known issues

While upgrading, be sure that your integration :

  • doesn't use Xalan or XercesImpl dependencies
  • uses a patched Java version (JDK7u40+, JDK8 or higher)

Xalan and XercesImpl were used to patch XML vulnerabilities in older java versions. They should be discarded with higher versions because they override default Java XML security.
If it is not possible to remove Xalan, then you can set your system property to override TransformerFactory : System.setProperty("javax.xml.transform.TransformerFactory","com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl");

Assets 5
Loading