This is a test-only dependency.

      Resolves https://nvd.nist.gov/vuln/detail/CVE-2022-34169

            [WFLY-18007] Upgrade xalan to 2.7.3 (CVE-2022-34169)

            Bulk closing issues resolved in the 29.0.0.Final release.

            Brian Stansberry added a comment - Bulk closing issues resolved in the 29.0.0.Final release.

            Farah Juma added a comment -

            It turns out that we just needed to add a plugin dependency on xalan:serializer as xalan:xalan:2.7.3 no longer brings it transitively. Thanks bstansbe@redhat.com for finding that!

            Farah Juma added a comment - It turns out that we just needed to add a plugin dependency on xalan:serializer as xalan:xalan:2.7.3 no longer brings it transitively. Thanks bstansbe@redhat.com for finding that!

            Farah Juma added a comment -

            The hoped for fix for this is WFLY-17963. More details can also be found in this Zulip thread.

            Farah Juma added a comment - The hoped for fix for this is WFLY-17963 . More details can also be found in this Zulip thread .

            Farah Juma added a comment -

            Upgrading from xalan 2.7.1 to 2.7.2 succeeds but upgrading to 2.7.3 results in the following error:

            An Ant BuildException has occured: The following error occurred while executing this line:
            [ERROR] /home/fjuma/Documents/wildfly/testsuite/integration/src/test/scripts/iiop-build.xml:13: The following error occurred while executing this line:
            [ERROR] /home/fjuma/Documents/wildfly/testsuite/integration/src/test/scripts/common-targets.xml:177: java.lang.NoClassDefFoundError: org/apache/xml/serializer/SerializerTrace
            [ERROR] around Ant part ...<ant antfile="/home/fjuma/Documents/wildfly/testsuite/integration/iiop/../src/test/scripts/iiop-build.xml">... @ 4:127 in /home/fjuma/Documents/wildfly/testsuite/integration/iiop/target/antrun/build-main.xml
            

             

            Farah Juma added a comment - Upgrading from xalan 2.7.1 to 2.7.2 succeeds but upgrading to 2.7.3 results in the following error: An Ant BuildException has occured: The following error occurred while executing this line: [ERROR] /home/fjuma/Documents/wildfly/testsuite/integration/src/test/scripts/iiop-build.xml:13: The following error occurred while executing this line: [ERROR] /home/fjuma/Documents/wildfly/testsuite/integration/src/test/scripts/common-targets.xml:177: java.lang.NoClassDefFoundError: org/apache/xml/serializer/SerializerTrace [ERROR] around Ant part ...<ant antfile= "/home/fjuma/Documents/wildfly/testsuite/integration/iiop/../src/test/scripts/iiop-build.xml" >... @ 4:127 in /home/fjuma/Documents/wildfly/testsuite/integration/iiop/target/antrun/build-main.xml  

              fjuma1@redhat.com Farah Juma
              fjuma1@redhat.com Farah Juma
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: