[ofbiz-framework] branch release18.12 updated: Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release18.12 by this push:
     new fc0f4e6  Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)
fc0f4e6 is described below

commit fc0f4e68c9efe291c00d5b9a973089d8cda4c1cf
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Sun Mar 21 16:35:41 2021 +0100

    Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)
   
    Currently we don't declare any dependency on PDFBox. I guess because it's used
    as a 3rd party by another lib. Fortunately it's easily done.
---
 build.gradle | 1 +
 1 file changed, 1 insertion(+)

diff --git a/build.gradle b/build.gradle
index ce78af8..70ac47a 100644
--- a/build.gradle
+++ b/build.gradle
@@ -196,6 +196,7 @@ dependencies {
     compile 'org.apache.httpcomponents:httpclient-cache:4.5.6'
     compile 'org.apache.logging.log4j:log4j-api:2.11.1' // the API of log4j 2
     compile 'org.apache.poi:poi:3.17'
+    compile 'org.apache.pdfbox:pdfbox:2.0.23'
     compile 'org.apache.shiro:shiro-core:1.4.0'
     compile 'org.apache.sshd:sshd-core:1.7.0'
     compile 'org.apache.tika:tika-core:1.24.1'