You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Peter Walsh (JIRA)" <ji...@apache.org> on 2015/04/15 23:36:59 UTC
[jira] [Created] (JCR-3871) POI Vulnerabilities
Peter Walsh created JCR-3871:
--------------------------------
Summary: POI Vulnerabilities
Key: JCR-3871
URL: https://issues.apache.org/jira/browse/JCR-3871
Project: Jackrabbit Content Repository
Issue Type: Bug
Affects Versions: 2.10
Reporter: Peter Walsh
Multiple security vulnerabilities in Apache POI require upgrade to at least 3.10.1 or later.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3529
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Re: [jira] [Created] (JCR-3871) POI Vulnerabilities
Posted by hsp <pi...@ibest.com.br>.
We have upgraded the tika dependency to 1.7 and poi is 3.11. No problem was
found with indexes after this, so the jackrabbit official release should be
with some dependency upgrades too.
--
View this message in context: http://jackrabbit.510166.n4.nabble.com/jira-Created-JCR-3871-POI-Vulnerabilities-tp4662313p4662315.html
Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.