You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "Peter Walsh (JIRA)" <ji...@apache.org> on 2015/04/15 23:36:59 UTC

[jira] [Created] (JCR-3871) POI Vulnerabilities

Peter Walsh created JCR-3871:
--------------------------------

             Summary: POI Vulnerabilities
                 Key: JCR-3871
                 URL: https://issues.apache.org/jira/browse/JCR-3871
             Project: Jackrabbit Content Repository
          Issue Type: Bug
    Affects Versions: 2.10
            Reporter: Peter Walsh


Multiple security vulnerabilities in Apache POI require upgrade to at least 3.10.1 or later.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3529 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Re: [jira] [Created] (JCR-3871) POI Vulnerabilities

Posted by hsp <pi...@ibest.com.br>.

We have upgraded the tika dependency to 1.7 and poi is 3.11. No problem was
found with indexes after this, so the jackrabbit official release should be
with some dependency upgrades too.



--
View this message in context: http://jackrabbit.510166.n4.nabble.com/jira-Created-JCR-3871-POI-Vulnerabilities-tp4662313p4662315.html
Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.