+1 Get Outlook for Android<https://aka.ms/ghei36>
________________________________ From: Cantor, Scott <[email protected]> Sent: Tuesday, July 16, 2019 10:19:07 AM To: [email protected]; [email protected] Subject: Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.1.4 On 7/16/19, 11:59 AM, "Colm O hEigeartaigh" <[email protected]> wrote: > This is a vote to release Apache Santuario - XML Security for Java 2.1.4. +1 Regarding the changes, is a decent summary of the places where there would be any use of the DocumentBuilder and any XML parsing by the library itself: - decrypting XML - particular Transform sequences that go from octet stream to DOM mid-transform ? My project is particular sensitive to the security considerations of ever allowing any other library to do XML parsing for obvious reasons. I wonder if there's a way we could inject our own via some kind of interface in a future version? Or would a patch for that be welcome? -- Scott
