You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by de...@apache.org on 2019/03/09 07:20:23 UTC

svn commit: r1855095 - /ofbiz/branches/release16.11/build.gradle

Author: deepak
Date: Sat Mar  9 07:20:23 2019
New Revision: 1855095

URL: http://svn.apache.org/viewvc?rev=1855095&view=rev
Log:
Fixed: Upgraded apache poi jar from 3.14 to 3.17 (CVE-2017-12626) 
(OFBIZ-10826)
 Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295). 

Modified:
    ofbiz/branches/release16.11/build.gradle

Modified: ofbiz/branches/release16.11/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/build.gradle?rev=1855095&r1=1855094&r2=1855095&view=diff
==============================================================================
--- ofbiz/branches/release16.11/build.gradle (original)
+++ ofbiz/branches/release16.11/build.gradle Sat Mar  9 07:20:23 2019
@@ -119,7 +119,7 @@ dependencies {
     compile 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
     compile 'org.apache.httpcomponents:httpclient-cache:4.4.1'
     compile 'org.apache.logging.log4j:log4j-api:2.6.2' // the API of log4j 2
-    compile 'org.apache.poi:poi:3.14'
+    compile 'org.apache.poi:poi:3.17'
     compile 'org.apache.shiro:shiro-core:1.3.0'
     compile 'org.apache.tika:tika-core:1.12'
     compile 'org.apache.tika:tika-parsers:1.12'