From Chitra.Sunnapu at philips.com Thu Aug 8 09:25:49 2024 From: Chitra.Sunnapu at philips.com (Sunnapu, Chitra) Date: Tue Aug 13 10:47:30 2024 Subject: [xsde-users] Information about xsde-3.3.0.a8 In-Reply-To: References: Message-ID: Hi Boris, Thank you for the information regarding version 3.3.0.a8 being a pre-release for the upcoming 3.3.0 version. In addition to this, could you please confirm if there are any known security vulnerabilities associated with this pre-release version? Ensuring the security of our systems is a top priority, and any details on this would be very helpful. I appreciate your assistance and look forward to your response. Best regards, Chitra Sunnapu Software Developer Digital Pathology Solutions Philips -----Original Message----- From: Boris Kolpackov Sent: 2024 Jul 18 4:52 PM To: Sunnapu, Chitra Cc: xsde-users@codesynthesis.com Subject: Re: [xsde-users] Information about xsde-3.3.0.a8 [You don't often get email from boris@codesynthesis.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Caution: This e-mail originated from outside of Philips, be careful for phishing. Sunnapu, Chitra writes: > I see our project uses XSDe version 'xsde-3.3.0.a8'. I am trying to > understand this version. > > * Is this a custom version delivered to us? > * or is there some other link in your website we can download? Version 3.3.0.a8 is a pre-release for the upcoming 3.3.0 release. Pre- releases are publicly available and can be found at: https://codesynthesis.com/~boris/tmp/xsde/ ________________________________ The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message. From boris at codesynthesis.com Thu Aug 15 01:57:06 2024 From: boris at codesynthesis.com (Boris Kolpackov) Date: Thu Aug 15 01:56:37 2024 Subject: [xsde-users] Information about xsde-3.3.0.a8 In-Reply-To: References: Message-ID: Hi Chitra, Sunnapu, Chitra writes: > In addition to this, could you please confirm if there are any > known security vulnerabilities associated with this pre-release > version? There are no known security vulnerabilities in XSD/e itself but several were discovered in Expat (which is bundled with the XSD/e runtime). You have two options to resolve them: 1. Use external Expat, for example, from your system or by building the latest version from source. 2. Apply the cumulative patch to the bundled Expat: https://codesynthesis.com/~boris/tmp/xsde/xsde-genx-expat-patch-7.zip Naturally, this patch will be included in the final release. From Chitra.Sunnapu at philips.com Thu Aug 15 05:32:58 2024 From: Chitra.Sunnapu at philips.com (Sunnapu, Chitra) Date: Thu Aug 22 04:15:30 2024 Subject: [xsde-users] Information about xsde-3.3.0.a8 In-Reply-To: References: Message-ID: Hi Boris, Could you provide the release date for final release which would include the patch. So I can take decision whether to wait or to apply the patch. Kind regards, Chitra -----Original Message----- From: Boris Kolpackov Sent: 2024 Aug 15 7:57 AM To: Sunnapu, Chitra Cc: xsde-users@codesynthesis.com Subject: Re: [xsde-users] Information about xsde-3.3.0.a8 [You don't often get email from boris@codesynthesis.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Caution: This e-mail originated from outside of Philips, be careful for phishing. Hi Chitra, Sunnapu, Chitra writes: > In addition to this, could you please confirm if there are any known > security vulnerabilities associated with this pre-release version? There are no known security vulnerabilities in XSD/e itself but several were discovered in Expat (which is bundled with the XSD/e runtime). You have two options to resolve them: 1. Use external Expat, for example, from your system or by building the latest version from source. 2. Apply the cumulative patch to the bundled Expat: https://codesynthesis.com/~boris/tmp/xsde/xsde-genx-expat-patch-7.zip Naturally, this patch will be included in the final release. ________________________________ The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message. From Chitra.Sunnapu at philips.com Fri Aug 16 05:59:08 2024 From: Chitra.Sunnapu at philips.com (Sunnapu, Chitra) Date: Thu Aug 22 04:15:30 2024 Subject: [xsde-users] Information about xsde-3.3.0.a8 In-Reply-To: References: Message-ID: Hi Boris, Could you please help with information to following questions: * What is the expat version used with xsde-3.3.0.a8? * Where can I see the version of expat in the delivered patch? * What are the list of vulnerabilities associated with the expat version which is built at runtime with xsde-3.3.0.a8? Thanks in advance Kind regards, Chitra -----Original Message----- From: Boris Kolpackov Sent: 2024 Aug 15 7:57 AM To: Sunnapu, Chitra Cc: xsde-users@codesynthesis.com Subject: Re: [xsde-users] Information about xsde-3.3.0.a8 [You don't often get email from boris@codesynthesis.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Caution: This e-mail originated from outside of Philips, be careful for phishing. Hi Chitra, Sunnapu, Chitra writes: > In addition to this, could you please confirm if there are any known > security vulnerabilities associated with this pre-release version? There are no known security vulnerabilities in XSD/e itself but several were discovered in Expat (which is bundled with the XSD/e runtime). You have two options to resolve them: 1. Use external Expat, for example, from your system or by building the latest version from source. 2. Apply the cumulative patch to the bundled Expat: https://codesynthesis.com/~boris/tmp/xsde/xsde-genx-expat-patch-7.zip Naturally, this patch will be included in the final release. ________________________________ The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.