This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push:
new 4cbc053 Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 &
CVE-2021-31812 (OFBIZ-12256)
4cbc053 is described below
commit 4cbc053a3fa6a5abe19507f508b923a58f5c396f
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sun Jun 13 09:14:20 2021 +0200
Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
(OFBIZ-12256)
CVE-2021-31811: A carefully crafted PDF file can trigger an
OutOfMemory-Exception
while loading the file. This issue affects Apache PDFBox version 2.0.23 and
prior 2.0.x versions.
CVE-2021-31812: a carefully crafted PDF file can trigger an infinite loop
while
loading the file. This issue affects Apache PDFBox version 2.0.23 and prior
2.0.x versions.
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index c37f46a..6b72679 100644
--- a/build.gradle
+++ b/build.gradle
@@ -196,7 +196,7 @@ dependencies {
compile 'org.apache.httpcomponents:httpclient-cache:4.5.6'
compile 'org.apache.logging.log4j:log4j-api:2.11.1' // the API of log4j 2
compile 'org.apache.poi:poi:3.17'
- compile 'org.apache.pdfbox:pdfbox:2.0.23'
+ compile 'org.apache.pdfbox:pdfbox:2.0.24'
compile 'org.apache.shiro:shiro-core:1.4.0'
compile 'org.apache.sshd:sshd-core:1.7.0'
compile 'org.apache.tika:tika-core:1.26'
