August 2009 Report
We're still making good progress on support for XML Schema 1.1. At the moment the developers are discussing the design and working on the implementation of "inheritable attributes" for the new conditional type assignment feature introduced in XML Schema 1.1. Google Summer of Code (GSoC) is now wrapping up. Richard Kelly (our student) has completed support for character normalization (relying on ICU4J) and has posted patches for us to review. We're looking forward to integrating his contributions into the trunk and making this capability available in the next Xerces-J release.
The security vulnerability reported by CERT-FI in a recent advisory has been fixed and can be applied as a patch against the source of earlier releases. Users can also work around the issue by enabling the "disallow-doctype-decl" feature which rejects any document containing a DOCTYPE before reading it.
There's been lots of development activity lately, particularly with fixing JIRA issues. CERT-FI notified us about a security vulnerability which we fixed before they formally announced it to the public this month. A patch is available for users. No releases are planned for this time.
Nothing in particular to report. There was no development activity over the reporting period.
There was some discussion in late May / early June about a proposal for adding a new component for a simple ease of use API for processing XML. It turned out that something close to this idea already existed in the commons.apache.org project (http://commons.apache.org/configuration/). A couple new bug reports were opened against the XML Commons Resolver, otherwise no other activity to report for this period.
Gareth is stepping down as PMC chair. He's nominated Michael Glavassevich to become the next chair and has started a vote which was still going on at the time of this report.