This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/release18.12 by this push:
new fc0f4e6 Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)
fc0f4e6 is described below
commit fc0f4e68c9efe291c00d5b9a973089d8cda4c1cf
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Sun Mar 21 16:35:41 2021 +0100
Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)
Currently we don't declare any dependency on PDFBox. I guess because it's used
as a 3rd party by another lib. Fortunately it's easily done.
---
build.gradle | 1 +
1 file changed, 1 insertion(+)
diff --git a/build.gradle b/build.gradle
index ce78af8..70ac47a 100644
--- a/build.gradle
+++ b/build.gradle
@@ -196,6 +196,7 @@ dependencies {
compile 'org.apache.httpcomponents:httpclient-cache:4.5.6'
compile 'org.apache.logging.log4j:log4j-api:2.11.1' // the API of log4j 2
compile 'org.apache.poi:poi:3.17'
+ compile 'org.apache.pdfbox:pdfbox:2.0.23'
compile 'org.apache.shiro:shiro-core:1.4.0'
compile 'org.apache.sshd:sshd-core:1.7.0'
compile 'org.apache.tika:tika-core:1.24.1'