This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/release17.12 by this push:
new e1e7c2a Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
e1e7c2a is described below
commit e1e7c2a4d3dd79e500103ed1d9ee29ea7237a498
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Sun Jun 13 09:16:16 2021 +0200
Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
CVE-2021-31811: A carefully crafted PDF file can trigger an OutOfMemory-Exception
while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812: a carefully crafted PDF file can trigger an infinite loop while
loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 0739140..71dd7e0 100644
--- a/build.gradle
+++ b/build.gradle
@@ -173,7 +173,7 @@ dependencies {
compile 'org.apache.shiro:shiro-core:1.4.0'
compile 'org.apache.tika:tika-core:1.26'
compile 'org.apache.tika:tika-parsers:1.26'
- compile 'org.apache.pdfbox:pdfbox:2.0.23'
+ compile 'org.apache.pdfbox:pdfbox:2.0.24'
compile 'org.apache.poi:poi:3.17'
compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.43'
compile 'org.apache.tomcat:tomcat-catalina:9.0.43'
Locked
