This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/trunk by this push:
new df69401 Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)
df69401 is described below
commit df69401118c99896432b417690f2229bc757072c
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Sun Mar 21 16:27:53 2021 +0100
Fixed: Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 (OFBIZ-12205)
Currently we don't declare any dependency on PDFBox. I guess because it's used
as a 3rd party by another lib. Fortunately it's easily done.
---
build.gradle | 1 +
1 file changed, 1 insertion(+)
diff --git a/build.gradle b/build.gradle
index e80ed15..8745b08 100644
--- a/build.gradle
+++ b/build.gradle
@@ -205,6 +205,7 @@ dependencies {
implementation 'org.apache.logging.log4j:log4j-api:2.14.0' // the API of log4j 2
implementation 'org.apache.logging.log4j:log4j-core:2.14.0' // Somehow needed by Buildbot to compile OFBizDynamicThresholdFilter.java
implementation 'org.apache.poi:poi:4.1.2'
+ implementation 'org.apache.pdfbox:pdfbox:2.0.23'
implementation 'org.apache.shiro:shiro-core:1.4.1' // So far we did not update from 1.4.1 because of a compile issue or w/ 1.7.0 an EntityCrypto exception when loading data. You may try w/ a newer version than 1.7.0
implementation 'org.apache.sshd:sshd-core:1.7.0' // So far we did not update from 1.7.0 because of a compile issue. You may try w/ a newer version than 2.4.0
implementation 'org.apache.tika:tika-core:1.25'
Locked
