Re: [xsl] Saxon vulnerability

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

Subject: Re: Saxon vulnerability
From: "Michael Kay michaelkay90@xxxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 7 Mar 2025 21:57:17 -0000

> Is a call to parse-xml being done "behind the scene" by any popular
applications that might be using Saxon internally, such as Oxygen and or some
XSLT/XPath extensions to VS.Code?
>
> If so, we should probably also be cautious to use these, before this
vulnerability has been fixed and they confirm that they are no-longer using
the affected previous versions of Saxon.
>

It's only relevant if stylesheet or query code is allowed to be executed on a
machine that's not controlled by the stylesheet or query author, so most
development environments are unlikely to be affected.

Michael Kay
Saxonica

Current Thread

Saxon vulnerability
- Michael Kay michaelkay90@xxxxxxxxx - 7 Mar 2025 20:09:18 -0000
  - Dimitre Novatchev dnovatchev@xxxxxxxxx - 7 Mar 2025 21:08:19 -0000
    - Michael Kay michaelkay90@xxxxxxxxx - 7 Mar 2025 21:57:17 -0000 <=
      - Roger L Costello costello@xxxxxxxxx - 8 Mar 2025 12:55:28 -0000
      - Martin Honnen martin.honnen@xxxxxx - 8 Mar 2025 13:30:01 -0000
      - Roger L Costello costello@xxxxxxxxx - 8 Mar 2025 13:50:39 -0000
      - Martin Honnen martin.honnen@xxxxxx - 8 Mar 2025 14:19:09 -0000

<- Previous	Index	Next ->
Re: Saxon vulnerability, Dimitre Novatchev dn	Thread	Re: Saxon vulnerability, Roger L Costello cos
Re: Saxon vulnerability, Dimitre Novatchev dn	Date	Re: Saxon vulnerability, Roger L Costello cos
	Month

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >