You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@poi.apache.org by fa...@apache.org on 2022/01/14 23:30:28 UTC
svn commit: r1897062 - /poi/site/src/documentation/content/xdocs/index.xml
Author: fanningpj
Date: Fri Jan 14 23:30:27 2022
New Revision: 1897062
URL: http://svn.apache.org/viewvc?rev=1897062&view=rev
Log:
POI 5.2.0 release
Modified:
poi/site/src/documentation/content/xdocs/index.xml
Modified: poi/site/src/documentation/content/xdocs/index.xml
URL: http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/index.xml?rev=1897062&r1=1897061&r2=1897062&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/index.xml (original)
+++ poi/site/src/documentation/content/xdocs/index.xml Fri Jan 14 23:30:27 2022
@@ -26,28 +26,29 @@
<body>
<section><title>Project News</title>
- <section><title>10+16+18 December 2021- Log4j vulnerabilities CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105</title>
- <p>The Apache POI PMC has evaluated the security vulnerabilities reported
- for Apache Log4j.</p>
- <p>POI 5.1.0 and XMLBeans 5.0.2 (the latest releases of both) have only dependencies on log4j-api 2.14.1.
- The security vulnerabilities are not in log4j-api - they are in log4j-core.</p>
- <p>If any POI or XMLBeans user uses log4j-core to control their logging of their application,
- we strongly recommend that they upgrade all their log4j dependencies to the latest
- version (currently v2.17.1) - including log4j-api.</p>
- </section>
<!-- latest final release -->
- <section><title>1 November 2021 - POI 5.1.0 available</title>
- <p>The Apache POI team is pleased to announce the release of 5.1.0.
+ <section><title>14 January 2021 - POI 5.2.0 available</title>
+ <p>The Apache POI team is pleased to announce the release of 5.2.0.
Several dependencies were updated to their latest versions to pick up security fixes and other improvements.</p>
<p>A summary of changes is available in the
<a href="https://www.apache.org/dyn/closer.lua/poi/release/RELEASE-NOTES.txt">Release Notes</a>.
- A full list of changes is available in the <a href="changes.html#5.1.0">change log</a>.
+ A full list of changes is available in the <a href="changes.html#5.2.0">change log</a>.
People interested should also follow the <a href="site:mailinglists">dev list</a> to track progress.</p>
<p>See the <a href="download.html#POI-5.2.0">downloads</a> page for more details.</p>
<p>POI requires Java 8 or newer since version 4.0.1.</p>
</section>
+ <section><title>10+16+18 December 2021- Log4j vulnerabilities CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105</title>
+ <p>The Apache POI PMC has evaluated the security vulnerabilities reported
+ for Apache Log4j.</p>
+ <p>POI 5.1.0 and XMLBeans 5.0.2 only have dependencies on log4j-api 2.14.1.
+ The security vulnerabilities are not in log4j-api - they are in log4j-core.</p>
+ <p>If any POI or XMLBeans user uses log4j-core to control their logging of their application,
+ we strongly recommend that they upgrade all their log4j dependencies to the latest
+ version (currently v2.17.1) - including log4j-api.</p>
+ </section>
+
<section><title>13 January 2021 - CVE-2021-23926 - XML External Entity (XXE) Processing in Apache XMLBeans versions prior to 3.0.0</title>
<p>Description:<br/>
When parsing XML files using XMLBeans 2.6.0 or below, the underlying parser
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org