Author: deepak
Date: Wed Jan 30 11:32:51 2019
New Revision: 1852517
URL:
http://svn.apache.org/viewvc?rev=1852517&view=revLog:
Manually applied fix from trunk for revision: 1852503
===
Fixed: Upgrade Apache Tika to 1.20 (CVE-2018-8017/CVE-2018-17197)
In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
===
Modified:
ofbiz/ofbiz-framework/branches/release17.12/applications/product/src/main/java/org/apache/ofbiz/product/spreadsheetimport/ImportProductServices.java
ofbiz/ofbiz-framework/branches/release17.12/build.gradle
Modified: ofbiz/ofbiz-framework/branches/release17.12/applications/product/src/main/java/org/apache/ofbiz/product/spreadsheetimport/ImportProductServices.java
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/applications/product/src/main/java/org/apache/ofbiz/product/spreadsheetimport/ImportProductServices.java?rev=1852517&r1=1852516&r2=1852517&view=diff==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/applications/product/src/main/java/org/apache/ofbiz/product/spreadsheetimport/ImportProductServices.java (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/applications/product/src/main/java/org/apache/ofbiz/product/spreadsheetimport/ImportProductServices.java Wed Jan 30 11:32:51 2019
@@ -41,6 +41,7 @@ import org.apache.poi.hssf.usermodel.HSS
import org.apache.poi.hssf.usermodel.HSSFSheet;
import org.apache.poi.hssf.usermodel.HSSFWorkbook;
import org.apache.poi.poifs.filesystem.POIFSFileSystem;
+import org.apache.poi.ss.usermodel.CellType;
public class ImportProductServices {
@@ -122,12 +123,12 @@ public class ImportProductServices {
// read productId from first column "sheet column index
// starts from 0"
HSSFCell cell2 = row.getCell(2);
- cell2.setCellType(HSSFCell.CELL_TYPE_STRING);
+ cell2.setCellType(CellType.STRING);
String productId = cell2.getRichStringCellValue().toString();
// read QOH from ninth column
HSSFCell cell5 = row.getCell(5);
BigDecimal quantityOnHand = BigDecimal.ZERO;
- if (cell5 != null && cell5.getCellType() == HSSFCell.CELL_TYPE_NUMERIC) {
+ if (cell5 != null && cell5.getCellType() == CellType.NUMERIC) {
quantityOnHand = new BigDecimal(cell5.getNumericCellValue());
}
Modified: ofbiz/ofbiz-framework/branches/release17.12/build.gradle
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/build.gradle?rev=1852517&r1=1852516&r2=1852517&view=diff==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/build.gradle (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/build.gradle Wed Jan 30 11:32:51 2019
@@ -136,10 +136,10 @@ dependencies {
compile 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
compile 'org.apache.httpcomponents:httpclient-cache:4.5.4'
compile 'org.apache.logging.log4j:log4j-api:2.10.0' // the API of log4j 2
- compile 'org.apache.poi:poi:3.17'
compile 'org.apache.shiro:shiro-core:1.4.0'
- compile 'org.apache.tika:tika-core:1.16'
- compile 'org.apache.tika:tika-parsers:1.16'
+ compile 'org.apache.tika:tika-core:1.20'
+ compile 'org.apache.tika:tika-parsers:1.20'
+ compile 'org.apache.poi:poi:3.17'
compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.10'
compile 'org.apache.tomcat:tomcat-catalina:9.0.10'
compile 'org.apache.tomcat:tomcat-jasper:9.0.10'
Locked
