On 7/16/19, 11:59 AM, "Colm O hEigeartaigh" <[email protected]> wrote:
> This is a vote to release Apache Santuario - XML Security for Java 2.1.4. +1 Regarding the changes, is a decent summary of the places where there would be any use of the DocumentBuilder and any XML parsing by the library itself: - decrypting XML - particular Transform sequences that go from octet stream to DOM mid-transform ? My project is particular sensitive to the security considerations of ever allowing any other library to do XML parsing for obvious reasons. I wonder if there's a way we could inject our own via some kind of interface in a future version? Or would a patch for that be welcome? -- Scott
