[xsde-users] Information about xsde-3.3.0.a8

[Sunnapu, Chitra]

Hi Boris,

Could you provide the release date for final release which would include the patch. So I can take decision whether to wait or to apply the patch.

Kind regards,
Chitra

-----Original Message-----
From: Boris Kolpackov <boris at codesynthesis.com>
Sent: 2024 Aug 15 7:57 AM
To: Sunnapu, Chitra <Chitra.Sunnapu at philips.com>
Cc: xsde-users at codesynthesis.com
Subject: Re: [xsde-users] Information about xsde-3.3.0.a8

[You don't often get email from boris at codesynthesis.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

Caution: This e-mail originated from outside of Philips, be careful for phishing.


Hi Chitra,

Sunnapu, Chitra <Chitra.Sunnapu at philips.com> writes:

> In addition to this, could you please confirm if there are any known
> security vulnerabilities associated with this pre-release version?

There are no known security vulnerabilities in XSD/e itself but several were discovered in Expat (which is bundled with the XSD/e runtime). You have two options to resolve them:

1. Use external Expat, for example, from your system or by building
   the latest version from source.

2. Apply the cumulative patch to the bundled Expat:

   https://codesynthesis.com/~boris/tmp/xsde/xsde-genx-expat-patch-7.zip

   Naturally, this patch will be included in the final release.

________________________________
The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.