Author: deepak
Date: Wed Jan 30 11:32:51 2019 New Revision: 1852517 URL: http://svn.apache.org/viewvc?rev=1852517&view=rev Log: Manually applied fix from trunk for revision: 1852503 === Fixed: Upgrade Apache Tika to 1.20 (CVE-2018-8017/CVE-2018-17197) In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. === Modified: ofbiz/ofbiz-framework/branches/release17.12/applications/product/src/main/java/org/apache/ofbiz/product/spreadsheetimport/ImportProductServices.java ofbiz/ofbiz-framework/branches/release17.12/build.gradle
Modified: ofbiz/ofbiz-framework/branches/release17.12/applications/product/src/main/java/org/apache/ofbiz/product/spreadsheetimport/ImportProductServices.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/applications/product/src/main/java/org/apache/ofbiz/product/spreadsheetimport/ImportProductServices.java?rev=1852517&r1=1852516&r2=1852517&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/applications/product/src/main/java/org/apache/ofbiz/product/spreadsheetimport/ImportProductServices.java (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/applications/product/src/main/java/org/apache/ofbiz/product/spreadsheetimport/ImportProductServices.java Wed Jan 30 11:32:51 2019
@@ -41,6 +41,7 @@ import org.apache.poi.hssf.usermodel.HSS
 import org.apache.poi.hssf.usermodel.HSSFSheet;
 import org.apache.poi.hssf.usermodel.HSSFWorkbook;
 import org.apache.poi.poifs.filesystem.POIFSFileSystem;
+import org.apache.poi.ss.usermodel.CellType;
 public class ImportProductServices {
@@ -122,12 +123,12 @@ public class ImportProductServices {
 // read productId from first column "sheet column index
 // starts from 0"
 HSSFCell cell2 = row.getCell(2);
- cell2.setCellType(HSSFCell.CELL_TYPE_STRING);
+ cell2.setCellType(CellType.STRING);
 String productId = cell2.getRichStringCellValue().toString();
 // read QOH from ninth column
 HSSFCell cell5 = row.getCell(5);
 BigDecimal quantityOnHand = BigDecimal.ZERO;
- if (cell5 != null && cell5.getCellType() == HSSFCell.CELL_TYPE_NUMERIC) {
+ if (cell5 != null && cell5.getCellType() == CellType.NUMERIC) {
 quantityOnHand = new BigDecimal(cell5.getNumericCellValue());
 }
Modified: ofbiz/ofbiz-framework/branches/release17.12/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/build.gradle?rev=1852517&r1=1852516&r2=1852517&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/build.gradle (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/build.gradle Wed Jan 30 11:32:51 2019
@@ -136,10 +136,10 @@ dependencies {
 compile 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
 compile 'org.apache.httpcomponents:httpclient-cache:4.5.4'
 compile 'org.apache.logging.log4j:log4j-api:2.10.0' // the API of log4j 2
- compile 'org.apache.poi:poi:3.17'
 compile 'org.apache.shiro:shiro-core:1.4.0'
- compile 'org.apache.tika:tika-core:1.16'
- compile 'org.apache.tika:tika-parsers:1.16'
+ compile 'org.apache.tika:tika-core:1.20'
+ compile 'org.apache.tika:tika-parsers:1.20'
+ compile 'org.apache.poi:poi:3.17'
 compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.10'
 compile 'org.apache.tomcat:tomcat-catalina:9.0.10'
 compile 'org.apache.tomcat:tomcat-jasper:9.0.10'
|
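Review bot: `cell2` is dereferenced without a null check at `cell2.setCellType(CellType.STRING)` in the ImportProductServices.java hunk, while `cell5` a few statements later is guarded with `cell5 != null`. The existing guard on `cell5` suggests `row.getCell(...)` can return null for a cell missing from the row, so a sparse or malformed spreadsheet would raise a NullPointerException here instead of being rejected cleanly. I would test `if (cell2 == null)` before the call and skip or report that row; how to skip depends on the enclosing loop, which starts and ends outside this hunk.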
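Review bot: `compile 'org.apache.poi:poi:3.17'` is kept in the build.gradle hunk (only moved below the Tika lines), although the Java change in this same commit compares `cell5.getCellType()` with `CellType.NUMERIC`, which as far as I know compiles only against the POI 4.x API. The POI version on the classpath is therefore presumably the one pulled in transitively by `tika-parsers:1.20`, and the declared 3.17 no longer describes what ships. Since the purpose of this commit is to close CVEs through a dependency upgrade, I would declare the resolved POI version explicitly and confirm it with `gradle dependencyInsight --dependency poi`, so that a later audit can read the real version from build.gradle.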