This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/release17.12 by this push:
new 15bb640 Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)
15bb640 is described below
commit 15bb640a83926d96163ef1496b3e162f79ae344c
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Sun Mar 21 16:38:52 2021 +0100
Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)
Currently we don't declare any dependency on PDFBox. I guess because it's used
as a 3rd party by another lib. Fortunately it's easily done.
---
build.gradle | 1 +
1 file changed, 1 insertion(+)
diff --git a/build.gradle b/build.gradle
index 654c801..56a7cc9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -173,6 +173,7 @@ dependencies {
compile 'org.apache.shiro:shiro-core:1.4.0'
compile 'org.apache.tika:tika-core:1.24.1'
compile 'org.apache.tika:tika-parsers:1.24.1'
+ compile 'org.apache.pdfbox:pdfbox:2.0.23'
compile 'org.apache.poi:poi:3.17'
compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.43'
compile 'org.apache.tomcat:tomcat-catalina:9.0.43'