This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/trunk by this push:
new 939961c Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
939961c is described below
commit 939961cfb1de585418258279f27ca1c4e8a60afb
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Sun Jun 13 08:54:35 2021 +0200
Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
CVE-2021-31811: A carefully crafted PDF file can trigger an OutOfMemory-Exception
while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812: a carefully crafted PDF file can trigger an infinite loop while
loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index f02e520..ec0b661 100644
--- a/build.gradle
+++ b/build.gradle
@@ -205,7 +205,7 @@ dependencies {
implementation 'org.apache.logging.log4j:log4j-api:2.14.0' // the API of log4j 2
implementation 'org.apache.logging.log4j:log4j-core:2.14.0' // Somehow needed by Buildbot to compile OFBizDynamicThresholdFilter.java
implementation 'org.apache.poi:poi:4.1.2'
- implementation 'org.apache.pdfbox:pdfbox:2.0.23'
+ implementation 'org.apache.pdfbox:pdfbox:2.0.24'
implementation 'org.apache.shiro:shiro-core:1.4.1' // So far we did not update from 1.4.1 because of a compile issue or w/ 1.7.0 an EntityCrypto exception when loading data. You may try w/ a newer version than 1.7.0
implementation 'org.apache.sshd:sshd-core:1.7.0' // So far we did not update from 1.7.0 because of a compile issue. You may try w/ a newer version than 2.4.0
implementation 'org.apache.tika:tika-core:1.26'
Locked
