You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by le...@apache.org on 2016/06/07 17:01:48 UTC
pdfbox-docs git commit: add post about recent CVE
Repository: pdfbox-docs
Updated Branches:
refs/heads/master ceb4cdd0a -> f88fcfbb5
add post about recent CVE
Project: http://git-wip-us.apache.org/repos/asf/pdfbox-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/pdfbox-docs/commit/f88fcfbb
Tree: http://git-wip-us.apache.org/repos/asf/pdfbox-docs/tree/f88fcfbb
Diff: http://git-wip-us.apache.org/repos/asf/pdfbox-docs/diff/f88fcfbb
Branch: refs/heads/master
Commit: f88fcfbb5b19426b8ce338e07e234afc46f829c4
Parents: ceb4cdd
Author: Andreas Lehmk�hler <an...@lehmi.de>
Authored: Tue Jun 7 19:01:10 2016 +0200
Committer: Andreas Lehmk�hler <an...@lehmi.de>
Committed: Tue Jun 7 19:01:10 2016 +0200
----------------------------------------------------------------------
content/_posts/2016-05-27-CVE-2016-2175.md | 31 +++++++++++++++++++++++++
1 file changed, 31 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/pdfbox-docs/blob/f88fcfbb/content/_posts/2016-05-27-CVE-2016-2175.md
----------------------------------------------------------------------
diff --git a/content/_posts/2016-05-27-CVE-2016-2175.md b/content/_posts/2016-05-27-CVE-2016-2175.md
new file mode 100644
index 0000000..2aa8d93
--- /dev/null
+++ b/content/_posts/2016-05-27-CVE-2016-2175.md
@@ -0,0 +1,31 @@
+---
+license: Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+layout: default
+title: CVE-2016-2175 XML External Entity vulnerability
+date: "2016-05-27 00:00:00 +0000"
+categories: [news]
+---
+
+Due to a XML External Entity vulnerability we strongly recommend to update to the most recent version of Apache PDFBox.
+
+**Versions Affected:**
+Apache PDFBox 1.8.0 to 1.8.11 and 2.0.0. Earlier, unsupported versions may be affected as well.
+
+**Mitigation:**
+Upgrade to Apache PDFBox 1.8.12 respectively 2.0.1