...
The security vulnerability reported by CERT-FI in a recent advisory has been fixed and can be applied as a patch against the source of earlier releases. Users can also work around the issue by enabling the "disallow-doctype-decl" feature which rejects any document containing a DOCTYPE before reading it.
Xerces-C
There's been lots of development activity lately, particularly with fixing JIRA issues. CERT-FI notified us about security vulnerability which we fixed before they formally announced it to the public this month. A patch is available for users. No releases are planned for this time.
Xerces-P
Nothing in particular to report. There was no development activity over the reporting period.
...