Author: jleroux
Date: Fri May 27 13:12:55 2016
New Revision: 1745751
URL:
http://svn.apache.org/viewvc?rev=1745751&view=rev
Log:
Upgrades PDFBox to 1.8.12 (or 2.0.1?) due to vulnerability -
https://issues.apache.org/jira/browse/OFBIZ-7136
See CVE-2016-2175: Apache PDFBox XML External Entity vulnerability
I did not try to update to version 2.0.1.
I only tested by using
https://localhost:8443/example/control/ExampleReportPdfOptions?exampleId=EX01 but I got nothing, so I tried with R15.12 before backporting, with the same issue, so I guess it's unrelated to this update. Moreover, with both branches I get an error in the log for the barcode PDF. I will open a Jira.
Added:
ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar (with props)
Removed:
ofbiz/trunk/framework/base/lib/pdfbox-1.8.11.jar
Modified:
ofbiz/trunk/.classpath
ofbiz/trunk/LICENSE
Modified: ofbiz/trunk/.classpath
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/.classpath?rev=1745751&r1=1745750&r2=1745751&view=diff
==============================================================================
--- ofbiz/trunk/.classpath (original)
+++ ofbiz/trunk/.classpath Fri May 27 13:12:55 2016
@@ -2,7 +2,7 @@
<classpath>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="lib" path="applications/content/lib/dom4j-1.6.1.jar"/>
- <classpathentry kind="lib" path="framework/base/lib/pdfbox-1.8.11.jar"/>
+ <classpathentry kind="lib" path="framework/base/lib/pdfbox-1.8.12.jar"/>
<classpathentry kind="lib" path="framework/base/lib/jempbox-1.8.11.jar"/>
<classpathentry kind="lib" path="framework/base/lib/fontbox-1.8.11.jar"/>
<classpathentry kind="lib" path="applications/content/lib/poi-3.13-20150929.jar"/>
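Review bot: In the .classpath hunk the unchanged context lines still reference jempbox-1.8.11.jar and fontbox-1.8.11.jar while only the pdfbox entry moves to 1.8.12, so the three companion jars end up on mixed patch levels. Since the log gives an XML External Entity issue as the reason for the bump, confirm whether the jempbox and fontbox jars should also go to 1.8.12 in the same change, or state in the log why they stay on 1.8.11.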
Modified: ofbiz/trunk/LICENSE
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/LICENSE?rev=1745751&r1=1745750&r2=1745751&view=diff
==============================================================================
--- ofbiz/trunk/LICENSE (original)
+++ ofbiz/trunk/LICENSE Fri May 27 13:12:55 2016
@@ -39,7 +39,7 @@ framework/base/lib/log4j-core-2.3.jar
framework/base/lib/log4j-nosql-2.3.jar
framework/base/lib/log4j-slf4j-impl-2.3.jar
framework/base/lib/nekohtml-1.9.16.jar
-framework/base/lib/pdfbox-1.8.11.jar
+framework/base/lib/pdfbox-1.8.12.jar
framework/base/lib/resolver-2.9.1.jar
framework/base/lib/serializer-2.9.1.jar
framework/base/lib/shiro-core-1.2.3.jar
Added: ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar?rev=1745751&view=auto
==============================================================================
Binary file - no diff available.
Propchange: ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
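Review bot: The added pdfbox-1.8.12.jar is an opaque binary ("Binary file - no diff available"), and neither the log nor the recorded properties say where it was obtained or carry a checksum. Suggest naming the download source in the commit message and verifying the jar against the release's published checksum or signature before it is relied on in framework/base/lib.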