[xsde-users] Information about xsde-3.3.0.a8

Sunnapu, Chitra Chitra.Sunnapu at philips.com
Fri Aug 16 05:59:08 EDT 2024 

Hi Boris,

Could you please help with information to following questions:
        * What is the expat version used with xsde-3.3.0.a8?
        * Where can I see the version of expat in the delivered patch?
        * What are the list of vulnerabilities associated with the expat version which is built at runtime with xsde-3.3.0.a8?

Thanks in advance

Kind regards,
Chitra

-----Original Message-----
From: Boris Kolpackov <boris at codesynthesis.com>
Sent: 2024 Aug 15 7:57 AM
To: Sunnapu, Chitra <Chitra.Sunnapu at philips.com>
Cc: xsde-users at codesynthesis.com
Subject: Re: [xsde-users] Information about xsde-3.3.0.a8

[You don't often get email from boris at codesynthesis.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

Caution: This e-mail originated from outside of Philips, be careful for phishing.


Hi Chitra,

Sunnapu, Chitra <Chitra.Sunnapu at philips.com> writes:

> In addition to this, could you please confirm if there are any known
> security vulnerabilities associated with this pre-release version?

There are no known security vulnerabilities in XSD/e itself but several were discovered in Expat (which is bundled with the XSD/e runtime). You have two options to resolve them:

1. Use external Expat, for example, from your system or by building
   the latest version from source.

2. Apply the cumulative patch to the bundled Expat:

   https://codesynthesis.com/~boris/tmp/xsde/xsde-genx-expat-patch-7.zip

   Naturally, this patch will be included in the final release.

________________________________
The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.

More information about the xsde-users mailing list