You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by le...@apache.org on 2016/06/07 17:01:48 UTC

pdfbox-docs git commit: add post about recent CVE

Repository: pdfbox-docs
Updated Branches:
  refs/heads/master ceb4cdd0a -> f88fcfbb5


add post about recent CVE


Project: http://git-wip-us.apache.org/repos/asf/pdfbox-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/pdfbox-docs/commit/f88fcfbb
Tree: http://git-wip-us.apache.org/repos/asf/pdfbox-docs/tree/f88fcfbb
Diff: http://git-wip-us.apache.org/repos/asf/pdfbox-docs/diff/f88fcfbb

Branch: refs/heads/master
Commit: f88fcfbb5b19426b8ce338e07e234afc46f829c4
Parents: ceb4cdd
Author: Andreas Lehmk�hler <an...@lehmi.de>
Authored: Tue Jun 7 19:01:10 2016 +0200
Committer: Andreas Lehmk�hler <an...@lehmi.de>
Committed: Tue Jun 7 19:01:10 2016 +0200

----------------------------------------------------------------------
 content/_posts/2016-05-27-CVE-2016-2175.md | 31 +++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/pdfbox-docs/blob/f88fcfbb/content/_posts/2016-05-27-CVE-2016-2175.md
----------------------------------------------------------------------
diff --git a/content/_posts/2016-05-27-CVE-2016-2175.md b/content/_posts/2016-05-27-CVE-2016-2175.md
new file mode 100644
index 0000000..2aa8d93
--- /dev/null
+++ b/content/_posts/2016-05-27-CVE-2016-2175.md
@@ -0,0 +1,31 @@
+---
+license: Licensed to the Apache Software Foundation (ASF) under one
+         or more contributor license agreements.  See the NOTICE file
+         distributed with this work for additional information
+         regarding copyright ownership.  The ASF licenses this file
+         to you under the Apache License, Version 2.0 (the
+         "License"); you may not use this file except in compliance
+         with the License.  You may obtain a copy of the License at
+
+           http://www.apache.org/licenses/LICENSE-2.0
+
+         Unless required by applicable law or agreed to in writing,
+         software distributed under the License is distributed on an
+         "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+         KIND, either express or implied.  See the License for the
+         specific language governing permissions and limitations
+         under the License.
+         
+layout:  default
+title:   CVE-2016-2175 XML External Entity vulnerability
+date: "2016-05-27 00:00:00 +0000"
+categories: [news]
+---
+
+Due to a XML External Entity vulnerability we strongly recommend to update to the most recent version of Apache PDFBox.
+
+**Versions Affected:**
+Apache PDFBox 1.8.0 to 1.8.11 and 2.0.0. Earlier, unsupported versions may be affected as well.
+
+**Mitigation:**
+Upgrade to Apache PDFBox 1.8.12 respectively 2.0.1