I found the following code in an old Java project. I would like to remove com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl, because Apache Xalan has a security issue and it seems to be retired.
import javax.xml.transform.TransformerFactory;
TransformerFactory factory = TransformerFactory.newInstance("com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl", SomeSVGDocument.class.getClassLoader());
Now I wonder if can switch to the following code:
TransformerFactory factory = TransformerFactory.newInstance();
Can I do that or do I need to search for a replacement for com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl?
Yes, you can and should, for more info check this JavaDoc page. Most Java distributions like the Oracle JDK and OpenJDK now incorporates Xalan internally. So now there is no need for an external dependency to Apache Xalan. The version that most JDKs incorporate still implement XSLT version 1.0. The XSLT version 1.0 is not bad, but if you need additional XSLT processing functionality then you can consider something like SaxonJ which implements XSLT version 3.0.