Reporting a vulnerability

If you believe you found a vulnerability in Apache XalanJ, please contact the Apache Security Team.