[EXT] Re: Re: [xsde-users] Codesynthesis XSDE security vulnerabilities database

Boris Kolpackov boris at codesynthesis.com
Tue Dec 17 02:52:02 EST 2024


Yegnaram, Shrikant <SYegnaram at cls-bank.com> writes:

> There are a bunch of vulnerabilities listed on the NVD website for 2.1 expat
> release. Specifically looking if CVE-2016-0718 for expat was fixed in
> Codesynthesis XSD/e 3.2.0 release?

No, XSD/e was released before that vulnerability was discovered. However,
you can patch it to fix this (and all other known to this point) CVEs
by applying this patch:

https://codesynthesis.com/~boris/tmp/xsde/xsde-genx-expat-patch-8.zip

Specifically, replace the files in your XSD/e 3.2.0 distribution with
the files in this archive, rebuild libxsde, and rebuild your application.


> If not, what is the plan for a new XSD/e release with the fixes for
> libexpat vulnerabilities?

We plan to release 3.3.0 with these fixes in the new year.


