This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/trunk by this push:
new ce6829a Fixed: Secure the uploads (OFBIZ-12080)
ce6829a is described below
commit ce6829aa72c86138e207fb847c3c4aac63e397bc
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Wed Dec 2 09:53:23 2020 +0100
Fixed: Secure the uploads (OFBIZ-12080)
org.apache.xmlgraphics:batik:1.13 does not include batik-svg-dom it's in
batik:batik-svg-dom:1.6-1.
It's also in org.eclipse.birt.runtime:viewservlets:4.5.0 that's why it worked
only with plugins
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index d940504..8737b78 100644
--- a/build.gradle
+++ b/build.gradle
@@ -190,7 +190,7 @@ dependencies {
implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.37' // Remember to change the version number in javadoc block
implementation 'org.apache.tomcat:tomcat-jasper:9.0.37'
implementation 'org.apache.axis2:axis2-kernel:1.7.9'
- implementation 'org.apache.xmlgraphics:batik:1.13'
+ implementation 'batik:batik-svg-dom:1.6-1'
implementation 'org.apache.xmlgraphics:fop:2.3' // NOTE: in 2.4 dependencies are messed up. See
https://github.com/moqui/moqui-fop/blob/master/build.gradle implementation 'org.apache.xmlrpc:xmlrpc-client:3.1.3'
implementation 'org.apache.xmlrpc:xmlrpc-server:3.1.3'
Locked
