IBM Security Bulletin: Open Source Apache Xalan-Java in Workplace XT

Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes....



from IBM Product Security Incident Response Team http://ibm.co/1sNqrrL