[jira] [Commented] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-12205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17305704#comment-17305704 ]

ASF subversion and git services commented on OFBIZ-12205:
---------------------------------------------------------

Commit 15bb640a83926d96163ef1496b3e162f79ae344c in ofbiz-framework's branch refs/heads/release17.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=15bb640 ]

Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)

Currently we don't declare any dependency on PDFBox. I guess because it's used
as a 3rd party by another lib. Fortunately it's easily done.


> Upgrade Apache PDFBox to 2.0.23  because of CVE-2021-27807 and CVE-2021-27906
> -----------------------------------------------------------------------------
>
>                 Key: OFBIZ-12205
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12205
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: Gradle
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>
> Currently we don't declare any dependency on PDFBox. I guess because it's used as a 3rd party by another lib. Fortunately it's easily done.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)