Posted to dev@pdfbox.apache.org by "Tilman Hausherr (JIRA)" <ji...@apache.org> on 2017/07/11 15:16:00 UTC

[jira] [Updated] (PDFBOX-3865) Add OWASP dependency-check to build

     [ https://issues.apache.org/jira/browse/PDFBOX-3865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tilman Hausherr updated PDFBOX-3865:
------------------------------------
    Description: 
https://github.com/jeremylong/dependency-check-gradle#current-release
checks the build against known security issues. I tried it with a project that linked pdfbox 2.0.0 (has XXE vulnerability) and yes, the build stopped.

Because the database needs 400MB in the repository we'll run it only in "pedantic" mode, i.e. for the Jenkins builds.

  was:
https://github.com/jeremylong/dependency-check-gradle#current-release
checks the build against known security issues. I tried it with a project that linked pdfbox 2.0.0 (has XXE vulnerability) and yes, the build stopped.


> Add OWASP dependency-check to build
> -----------------------------------
>
>                 Key: PDFBOX-3865
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-3865
>             Project: PDFBox
>          Issue Type: Task
>    Affects Versions: 2.0.6, 3.0.0
>            Reporter: Tilman Hausherr
>            Assignee: Tilman Hausherr
>             Fix For: 2.0.7, 3.0.0
>
>
> https://github.com/jeremylong/dependency-check-gradle#current-release
> checks the build against known security issues. I tried it with a project that linked pdfbox 2.0.0 (has XXE vulnerability) and yes, the build stopped.
> Because the database needs 400MB in the repository we'll run it only in "pedantic" mode, i.e. for the Jenkins builds.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
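As an added illustration of the approach described in the issue (gating OWASP dependency-check behind a profile so the vulnerability database is only downloaded on CI builds), here is a Maven pom.xml fragment. This is example configuration written for this note, not PDFBox's own pom; it assumes a Maven build, the `org.owasp:dependency-check-maven` plugin, and a profile name `pedantic` chosen to match the issue's wording.

```xml
<!-- Example only: not the PDFBox project's actual pom.xml.
     The profile keeps dependency-check out of ordinary developer builds and
     activates it with: mvn -Ppedantic verify  (e.g. from a Jenkins job). -->
<project>
  <properties>
    <!-- Placeholder: pin to a current release of the plugin -->
    <dependency-check.version>REPLACE_WITH_PLUGIN_VERSION</dependency-check.version>
  </properties>

  <profiles>
    <profile>
      <id>pedantic</id>
      <build>
        <plugins>
          <plugin>
            <groupId>org.owasp</groupId>
            <artifactId>dependency-check-maven</artifactId>
            <version>${dependency-check.version}</version>
            <configuration>
              <!-- Fail the build when any dependency matches a known
                   vulnerability at or above this CVSS score. 0 means
                   "fail on anything", which is what the issue describes
                   (a build linking pdfbox 2.0.0 with its XXE issue stopped). -->
              <failBuildOnCVSS>0</failBuildOnCVSS>
              <!-- Keep the ~400MB vulnerability database out of the source
                   tree; reuse it between CI runs instead. Assumed path. -->
              <dataDirectory>${user.home}/.dependency-check-data</dataDirectory>
              <!-- Test-scope dependencies never ship in the artifact -->
              <skipTestScope>true</skipTestScope>
            </configuration>
            <executions>
              <execution>
                <goals>
                  <!-- Bind the scan to the verify phase -->
                  <goal>check</goal>
                </goals>
              </execution>
            </executions>
          </plugin>
        </plugins>
      </build>
    </profile>
  </profiles>
</project>
```

Developers who build without `-Ppedantic` are unaffected, while the CI job that does use the profile will refuse to pass if a dependency is found in the vulnerability database.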
