diff --git a/README.en.md b/README.en.md
deleted file mode 100644
index f8e8b5d..0000000
--- a/README.en.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# xalan-j2
-
-#### Description
-{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
-
-#### Software Architecture
-Software architecture description
-
-#### Installation
-
-1. xxxx
-2. xxxx
-3. xxxx
-
-#### Instructions
-
-1. xxxx
-2. xxxx
-3. xxxx
-
-#### Contribution
-
-1. Fork the repository
-2. Create Feat_xxx branch
-3. Commit your code
-4. Create Pull Request
-
-
-#### Gitee Feature
-
-1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
-2. Gitee blog [blog.gitee.com](https://blog.gitee.com)
-3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
-4. The most valuable open source project [GVP](https://gitee.com/gvp)
-5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
-6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)
diff --git a/README.md b/README.md
deleted file mode 100644
index 3c1d15b..0000000
--- a/README.md
+++ /dev/null
@@ -1,39 +0,0 @@
-# xalan-j2
-
-#### 介绍
-{**以下是码云平台说明,您可以替换此简介**
-码云是 OSCHINA 推出的基于 Git 的代码托管平台(同时支持 SVN)。专为开发者提供稳定、高效、安全的云端软件开发协作平台
-无论是个人、团队、或是企业,都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)}
-
-#### 软件架构
-软件架构说明
-
-
-#### 安装教程
-
-1. xxxx
-2. xxxx
-3. xxxx
-
-#### 使用说明
-
-1. xxxx
-2. xxxx
-3. xxxx
-
-#### 参与贡献
-
-1. Fork 本仓库
-2. 新建 Feat_xxx 分支
-3. 提交代码
-4. 新建 Pull Request
-
-
-#### 码云特技
-
-1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md
-2. 码云官方博客 [blog.gitee.com](https://blog.gitee.com)
-3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
-4. [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目,是码云综合评定出的优秀开源项目
-5. 码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
-6. 码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)
diff --git a/generate-tarball.sh b/generate-tarball.sh
new file mode 100644
index 0000000..bee814c
--- /dev/null
+++ b/generate-tarball.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+name=xalan-j2
+version="$(sed -n 's/Version:\s*//p' *.spec)"
+
+# RETRIEVE
+wget "http://archive.apache.org/dist/xml/xalan-j/xalan-j_${version//./_}-src.tar.gz" -O "${name}-${version}.orig.tar.gz"
+
+rm -rf tarball-tmp
+mkdir tarball-tmp
+cd tarball-tmp
+tar xf "../${name}-${version}.orig.tar.gz"
+
+# CLEAN TARBALL
+find -name '*.jar' -delete
+find -name '*.class' -delete
+rm */src/*.tar.gz
+
+tar cf "../${name}-${version}.tar.gz" *
+cd ..
+rm -r tarball-tmp "${name}-${version}.orig.tar.gz"
diff --git a/serializer-2.7.1.pom b/serializer-2.7.1.pom
new file mode 100644
index 0000000..79b0027
--- /dev/null
+++ b/serializer-2.7.1.pom
@@ -0,0 +1,39 @@
+
+
+
+ 4.0.0
+
+ org.apache
+ apache
+ 4
+
+
+ xalan
+ serializer
+ 2.7.1
+
+ Xalan Java Serializer
+
+ Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
+ SAX events.
+
+ http://xml.apache.org/xalan-j/
+
+
+
+ xml-apis
+ xml-apis
+ 1.3.04
+
+
+ xerces
+ xercesImpl
+ 2.9.0
+ true
+
+
+
+
\ No newline at end of file
diff --git a/xalan-2.7.1.pom b/xalan-2.7.1.pom
new file mode 100644
index 0000000..b4a56e9
--- /dev/null
+++ b/xalan-2.7.1.pom
@@ -0,0 +1,41 @@
+
+
+
+ 4.0.0
+
+ org.apache
+ apache
+ 4
+
+
+ xalan
+ xalan
+ 2.7.1
+
+ Xalan Java
+
+ Xalan-Java is an XSLT processor for transforming XML documents into HTML,
+ text, or other XML document types. It implements XSL Transformations (XSLT)
+ Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from
+ the command line, in an applet or a servlet, or as a module in other program.
+
+ http://xml.apache.org/xalan-j/
+
+
+
+ xalan
+ serializer
+ 2.7.1
+
+
+ xerces
+ xercesImpl
+ 2.9.0
+ true
+
+
+
+
\ No newline at end of file
diff --git a/xalan-j2-2.7.1.tar.gz b/xalan-j2-2.7.1.tar.gz
new file mode 100644
index 0000000..9b0a3b0
Binary files /dev/null and b/xalan-j2-2.7.1.tar.gz differ
diff --git a/xalan-j2-CVE-2014-0107.patch b/xalan-j2-CVE-2014-0107.patch
new file mode 100644
index 0000000..3358f60
--- /dev/null
+++ b/xalan-j2-CVE-2014-0107.patch
@@ -0,0 +1,148 @@
+diff --git a/src/org/apache/xalan/processor/TransformerFactoryImpl.java b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
+index 1298943..96a5e58 100644
+--- a/src/org/apache/xalan/processor/TransformerFactoryImpl.java
++++ b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
+@@ -335,6 +335,10 @@ public class TransformerFactoryImpl extends SAXTransformerFactory
+ reader = XMLReaderFactory.createXMLReader();
+ }
+
++ if(m_isSecureProcessing)
++ {
++ reader.setFeature("http://xml.org/sax/features/external-general-entities",false);
++ }
+ // Need to set options!
+ reader.setContentHandler(handler);
+ reader.parse(isource);
+diff --git a/src/org/apache/xalan/processor/XSLTElementProcessor.java b/src/org/apache/xalan/processor/XSLTElementProcessor.java
+index b946743..17b7395 100644
+--- a/src/org/apache/xalan/processor/XSLTElementProcessor.java
++++ b/src/org/apache/xalan/processor/XSLTElementProcessor.java
+@@ -338,17 +338,31 @@ public class XSLTElementProcessor extends ElemTemplateElement
+ }
+ else
+ {
+- // Can we switch the order here:
+-
+- boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
+- attributes.getQName(i), attributes.getValue(i),
+- target);
+-
+- // Now we only add the element if it passed a validation check
+- if (success)
+- processedDefs.add(attrDef);
+- else
+- errorDefs.add(attrDef);
++ //handle secure processing
++ if(handler.getStylesheetProcessor()==null)
++ System.out.println("stylesheet processor null");
++ if(attrDef.getName().compareTo("*")==0 && handler.getStylesheetProcessor().isSecureProcessing())
++ {
++ //foreign attributes are not allowed in secure processing mode
++ // Then barf, because this element does not allow this attribute.
++ handler.error(XSLTErrorResources.ER_ATTR_NOT_ALLOWED, new Object[]{attributes.getQName(i), rawName}, null);//"\""+attributes.getQName(i)+"\""
++ //+ " attribute is not allowed on the " + rawName
++ // + " element!", null);
++ }
++ else
++ {
++
++
++ boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
++ attributes.getQName(i), attributes.getValue(i),
++ target);
++
++ // Now we only add the element if it passed a validation check
++ if (success)
++ processedDefs.add(attrDef);
++ else
++ errorDefs.add(attrDef);
++ }
+ }
+ }
+
+diff --git a/src/org/apache/xalan/transformer/TransformerImpl.java b/src/org/apache/xalan/transformer/TransformerImpl.java
+index dd0d4d9..0906d24 100644
+--- a/src/org/apache/xalan/transformer/TransformerImpl.java
++++ b/src/org/apache/xalan/transformer/TransformerImpl.java
+@@ -438,7 +438,9 @@ public class TransformerImpl extends Transformer
+ try
+ {
+ if (sroot.getExtensions() != null)
+- m_extensionsTable = new ExtensionsTable(sroot);
++ //only load extensions if secureProcessing is disabled
++ if(!sroot.isSecureProcessing())
++ m_extensionsTable = new ExtensionsTable(sroot);
+ }
+ catch (javax.xml.transform.TransformerException te)
+ {te.printStackTrace();}
+diff --git a/src/org/apache/xpath/functions/FuncSystemProperty.java b/src/org/apache/xpath/functions/FuncSystemProperty.java
+index 4bea356..78ac980 100644
+--- a/src/org/apache/xpath/functions/FuncSystemProperty.java
++++ b/src/org/apache/xpath/functions/FuncSystemProperty.java
+@@ -58,7 +58,7 @@ public class FuncSystemProperty extends FunctionOneArg
+
+ String fullName = m_arg0.execute(xctxt).str();
+ int indexOfNSSep = fullName.indexOf(':');
+- String result;
++ String result = null;
+ String propName = "";
+
+ // List of properties where the name of the
+@@ -98,14 +98,20 @@ public class FuncSystemProperty extends FunctionOneArg
+
+ try
+ {
+- result = System.getProperty(propName);
+-
+- if (null == result)
+- {
+-
+- // result = System.getenv(propName);
+- return XString.EMPTYSTRING;
+- }
++ //if secure procession is enabled only handle required properties do not not map any valid system property
++ if(!xctxt.isSecureProcessing())
++ {
++ result = System.getProperty(propName);
++ }
++ else
++ {
++ warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
++ new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName);
++ }
++ if (null == result)
++ {
++ return XString.EMPTYSTRING;
++ }
+ }
+ catch (SecurityException se)
+ {
+@@ -120,14 +126,20 @@ public class FuncSystemProperty extends FunctionOneArg
+ {
+ try
+ {
+- result = System.getProperty(fullName);
+-
+- if (null == result)
+- {
+-
+- // result = System.getenv(fullName);
+- return XString.EMPTYSTRING;
+- }
++ //if secure procession is enabled only handle required properties do not not map any valid system property
++ if(!xctxt.isSecureProcessing())
++ {
++ result = System.getProperty(fullName);
++ }
++ else
++ {
++ warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
++ new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName);
++ }
++ if (null == result)
++ {
++ return XString.EMPTYSTRING;
++ }
+ }
+ catch (SecurityException se)
+ {
diff --git a/xalan-j2-MANIFEST.MF b/xalan-j2-MANIFEST.MF
new file mode 100644
index 0000000..f5d77cf
--- /dev/null
+++ b/xalan-j2-MANIFEST.MF
@@ -0,0 +1,75 @@
+Manifest-Version: 1.0
+Ant-Version: Apache Ant 1.8.2
+Created-By: 1.7.0_b147-icedtea (Oracle Corporation)
+Main-Class: org.apache.xalan.xslt.Process
+Bundle-ManifestVersion: 2
+Bundle-Name: %Bundle-Name.0
+Bundle-SymbolicName: org.apache.xalan
+Bundle-Version: 2.7.1
+Bundle-Vendor: %Bundle-Vendor.0
+Export-Package: org.apache.regexp;version="2.7.1",
+ org.apache.xalan;version="2.7.1",
+ org.apache.xalan.client;version="2.7.1",
+ org.apache.xalan.extensions;version="2.7.1",
+ org.apache.xalan.lib;version="2.7.1",
+ org.apache.xalan.lib.sql;version="2.7.1",
+ org.apache.xalan.processor;version="2.7.1",
+ org.apache.xalan.res;version="2.7.1",
+ org.apache.xalan.serialize;version="2.7.1",
+ org.apache.xalan.templates;version="2.7.1",
+ org.apache.xalan.trace;version="2.7.1",
+ org.apache.xalan.transformer;version="2.7.1",
+ org.apache.xalan.xslt;version="2.7.1",
+ org.apache.xalan.xsltc;version="2.7.1",
+ org.apache.xalan.xsltc.cmdline;version="2.7.1",
+ org.apache.xalan.xsltc.cmdline.getopt;version="2.7.1",
+ org.apache.xalan.xsltc.compiler;version="2.7.1",
+ org.apache.xalan.xsltc.compiler.util;version="2.7.1",
+ org.apache.xalan.xsltc.dom;version="2.7.1",
+ org.apache.xalan.xsltc.runtime;version="2.7.1",
+ org.apache.xalan.xsltc.runtime.output;version="2.7.1",
+ org.apache.xalan.xsltc.trax;version="2.7.1",
+ org.apache.xalan.xsltc.util;version="2.7.1",
+ org.apache.xml.dtm;version="2.7.1",
+ org.apache.xml.dtm.ref;version="2.7.1",
+ org.apache.xml.dtm.ref.dom2dtm;version="2.7.1",
+ org.apache.xml.dtm.ref.sax2dtm;version="2.7.1",
+ org.apache.xml.res;version="2.7.1",
+ org.apache.xml.utils;version="2.7.1",
+ org.apache.xml.utils.res;version="2.7.1",
+ org.apache.xpath;version="2.7.1",
+ org.apache.xpath.axes;version="2.7.1",
+ org.apache.xpath.compiler;version="2.7.1",
+ org.apache.xpath.domapi;version="2.7.1",
+ org.apache.xpath.functions;version="2.7.1",
+ org.apache.xpath.jaxp;version="2.7.1",
+ org.apache.xpath.objects;version="2.7.1",
+ org.apache.xpath.operations;version="2.7.1",
+ org.apache.xpath.patterns;version="2.7.1",
+ org.apache.xpath.res;version="2.7.1"
+Require-Bundle: system.bundle, org.apache.xerces
+Eclipse-BuddyPolicy: registered
+
+Name: org/apache/xalan/
+Comment: Main Xalan engine implementing TrAX/JAXP
+Specification-Title: Java API for XML Processing
+Specification-Vendor: Sun Microsystems Inc.
+Specification-Version: 1.3
+Implementation-Title: org.apache.xalan
+Implementation-Version: 2.7.1
+Implementation-Vendor: Apache Software Foundation
+Implementation-URL: http://xml.apache.org/xalan-j/dist/
+
+Name: org/apache/xml/
+Comment: DTM implementation and utilities
+Implementation-Title: org.apache.xml
+Implementation-Version: 2.7.1
+Implementation-Vendor: Apache Software Foundation
+Implementation-URL: http://xml.apache.org/xalan-j/dist/
+
+Name: org/apache/xpath/
+Comment: XPath engine
+Implementation-Title: org.apache.xpath
+Implementation-Version: 2.7.1
+Implementation-Vendor: Apache Software Foundation
+Implementation-URL: http://xml.apache.org/xalan-j/dist/
diff --git a/xalan-j2-noxsltcdeps.patch b/xalan-j2-noxsltcdeps.patch
new file mode 100644
index 0000000..9fcaa4e
--- /dev/null
+++ b/xalan-j2-noxsltcdeps.patch
@@ -0,0 +1,11 @@
+--- a/build.xml 2007-11-22 23:44:01.000000000 +0200
++++ b/build.xml 2010-04-07 13:32:31.878542610 +0300
+@@ -683,7 +683,7 @@ $Id: build.xml 563656 2007-08-07 21:12:1
+
+
+
+-
+
+
diff --git a/xalan-j2-serializer-MANIFEST.MF b/xalan-j2-serializer-MANIFEST.MF
new file mode 100644
index 0000000..436d24a
--- /dev/null
+++ b/xalan-j2-serializer-MANIFEST.MF
@@ -0,0 +1,10 @@
+Manifest-Version: 1.0
+Bundle-RequiredExecutionEnvironment: J2SE-1.2
+Bundle-SymbolicName: org.apache.xml.serializer
+Bundle-ManifestVersion: 2
+Bundle-Name: %Bundle-Name.0
+Bundle-Localization: plugin
+Bundle-Version: 2.7.1.v200806030322
+Bundle-Vendor: %Bundle-Vendor.0
+Export-Package: org.apache.xml.serializer,org.apache.xml.serializer.do
+ m3
diff --git a/xalan-j2.spec b/xalan-j2.spec
new file mode 100644
index 0000000..9bbb9cc
--- /dev/null
+++ b/xalan-j2.spec
@@ -0,0 +1,135 @@
+%global cvs_version 2_7_1
+%global xalan_data_dir %{buildroot}%{_datadir}/%{name}
+
+Name: xalan-j2
+Version: 2.7.1
+Release: 39
+Epoch: 0
+Summary: Java XSLT processor
+License: ASL 2.0 and W3C
+URL: http://xalan.apache.org/
+Source0: %{name}-%{version}.tar.gz
+Source1: http://repo1.maven.org/maven2/xalan/xalan/%{version}/xalan-%{version}.pom
+Source2: http://repo1.maven.org/maven2/xalan/serializer/%{version}/serializer-%{version}.pom
+Source3: xsltc-%{version}.pom
+Source4: %{name}-MANIFEST.MF
+Source5: %{name}-serializer-MANIFEST.MF
+Source6: generate-tarball.sh
+Patch0: %{name}-noxsltcdeps.patch
+Patch1: %{name}-CVE-2014-0107.patch
+
+
+BuildRequires: ant apache-parent bcel dos2unix glassfish-servlet-api java_cup
+BuildRequires: javapackages-local regexp sed xerces-j2 >= 0:2.7.1
+BuildRequires: xml-commons-apis >= 0:1.3
+Requires: glassfish-servlet-api xerces-j2
+
+BuildArch: noarch
+
+Provides: jaxp_transform_impl
+Provides: xalan-j2-demo
+Provides: xalan-j2-javadoc
+Provides: xalan-j2-manual
+Obsoletes: xalan-j2-demo
+Obsoletes: xalan-j2-javadoc
+Obsoletes: xalan-j2-manual
+
+%description
+Xalan is an XSLT processor for transforming XML documents into HTML,
+text, or other XML document types. It implements the W3C Recommendations
+for XSL Transformations (XSLT) and the XML Path Language (XPath). It can
+be used from the command line, in an applet or a servlet, or as a module
+in other program.
+
+
+%package xsltc
+Summary: Java XSLT compiler
+License: ASL 2.0
+Requires: bcel java_cup regexp xerces-j2
+
+%description xsltc
+The XSLT Compiler is a Java-based tool for compiling XSLT stylesheets
+into lightweight and portable Java byte codes called translets.
+
+
+%prep
+%autosetup -n xalan-j_%{cvs_version} -p1
+
+find . -name '*.jar' -exec rm -f {} \;
+find . -name '*.class' -exec rm -f {} \;
+
+sed -i '/