Posted to commits@ofbiz.apache.org by jl...@apache.org on 2016/05/27 13:12:55 UTC

svn commit: r1745751 - in /ofbiz/trunk: .classpath LICENSE framework/base/lib/pdfbox-1.8.11.jar framework/base/lib/pdfbox-1.8.12.jar

Author: jleroux
Date: Fri May 27 13:12:55 2016
New Revision: 1745751

URL: http://svn.apache.org/viewvc?rev=1745751&view=rev
Log:
Upgrades PDFBox to 1.8.12 (or 2.0.1?) due to vulnerability - https://issues.apache.org/jira/browse/OFBIZ-7136

See CVE-2016-2175: Apache PDFBox XML External Entity vulnerability

I did not try to update to version 2.0.1.
I only tested by using https://localhost:8443/example/control/ExampleReportPdfOptions?exampleId=EX01 but I got nothing, so I tried with R15.12 before backporting, with the same issue, so I guess it's unrelated to this update. Moreover, with both branches I get an error in the log for the barcode PDF; I will open a Jira.

Added:
    ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar   (with props)
Removed:
    ofbiz/trunk/framework/base/lib/pdfbox-1.8.11.jar
Modified:
    ofbiz/trunk/.classpath
    ofbiz/trunk/LICENSE

Modified: ofbiz/trunk/.classpath
URL: http://svn.apache.org/viewvc/ofbiz/trunk/.classpath?rev=1745751&r1=1745750&r2=1745751&view=diff
==============================================================================
--- ofbiz/trunk/.classpath (original)
+++ ofbiz/trunk/.classpath Fri May 27 13:12:55 2016
@@ -2,7 +2,7 @@
 <classpath>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry kind="lib" path="applications/content/lib/dom4j-1.6.1.jar"/>
-	<classpathentry kind="lib" path="framework/base/lib/pdfbox-1.8.11.jar"/>
+	<classpathentry kind="lib" path="framework/base/lib/pdfbox-1.8.12.jar"/>
 	<classpathentry kind="lib" path="framework/base/lib/jempbox-1.8.11.jar"/>
 	<classpathentry kind="lib" path="framework/base/lib/fontbox-1.8.11.jar"/>
 	<classpathentry kind="lib" path="applications/content/lib/poi-3.13-20150929.jar"/>
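Review bot: version skew between the PDFBox jars on the classpath: the `+` line moves `pdfbox` to 1.8.12 while the two context lines directly below it keep `jempbox-1.8.11.jar` and `fontbox-1.8.11.jar` at 1.8.11. Either bump the companion fontbox and jempbox jars in the same change or confirm that the 1.8.11 companions are compatible with pdfbox 1.8.12; the log notes that the PDF report test produced no output, so that combination has not actually been exercised yet.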

Modified: ofbiz/trunk/LICENSE
URL: http://svn.apache.org/viewvc/ofbiz/trunk/LICENSE?rev=1745751&r1=1745750&r2=1745751&view=diff
==============================================================================
--- ofbiz/trunk/LICENSE (original)
+++ ofbiz/trunk/LICENSE Fri May 27 13:12:55 2016
@@ -39,7 +39,7 @@ framework/base/lib/log4j-core-2.3.jar
 framework/base/lib/log4j-nosql-2.3.jar
 framework/base/lib/log4j-slf4j-impl-2.3.jar
 framework/base/lib/nekohtml-1.9.16.jar
-framework/base/lib/pdfbox-1.8.11.jar
+framework/base/lib/pdfbox-1.8.12.jar
 framework/base/lib/resolver-2.9.1.jar
 framework/base/lib/serializer-2.9.1.jar
 framework/base/lib/shiro-core-1.2.3.jar

Added: ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar?rev=1745751&view=auto
==============================================================================
Binary file - no diff available.

Propchange: ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream