You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@poi.apache.org by ki...@apache.org on 2019/10/20 19:40:04 UTC
svn commit: r1868667 - in /poi/site/src/documentation/content/xdocs:
apidocs/index.xml changes.xml download.xml index.xml
Author: kiwiwings
Date: Sun Oct 20 19:40:03 2019
New Revision: 1868667
URL: http://svn.apache.org/viewvc?rev=1868667&view=rev
Log:
POI 4.1.1 release infos
Modified:
poi/site/src/documentation/content/xdocs/apidocs/index.xml
poi/site/src/documentation/content/xdocs/changes.xml
poi/site/src/documentation/content/xdocs/download.xml
poi/site/src/documentation/content/xdocs/index.xml
Modified: poi/site/src/documentation/content/xdocs/apidocs/index.xml
URL: http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/apidocs/index.xml?rev=1868667&r1=1868666&r2=1868667&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/apidocs/index.xml (original)
+++ poi/site/src/documentation/content/xdocs/apidocs/index.xml Sun Oct 20 19:40:03 2019
@@ -56,8 +56,8 @@
Maven / Gradle / IDE users are able to fetch the javadocs for each
of the Apache POI jars from Maven Central (or your preferred Maven
mirror). These are made available with the <em>javadoc</em> classifier,
- eg <em>group: 'org.apache.poi', name: 'poi', version: '4.1.0',
- classifier: 'javaodc'</em>
+ e.g. <em>group: 'org.apache.poi', name: 'poi', version: '4.1.1',
+ classifier: 'javadoc'</em>
</p>
<p>
If you have downloaded the <em>binary (bin)</em> release, then you
Modified: poi/site/src/documentation/content/xdocs/changes.xml
URL: http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/changes.xml?rev=1868667&r1=1868666&r2=1868667&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/changes.xml (original)
+++ poi/site/src/documentation/content/xdocs/changes.xml Sun Oct 20 19:40:03 2019
@@ -89,13 +89,15 @@
<!-- release version="4.1.2" date="2020-01-??">
</release -->
- <release version="4.1.1" date="2019-10-23">
+ <release version="4.1.1" date="2019-10-20">
<summary>
- <summary-item>Improved chart support: more types and some API changes around angles and width units</summary-item>
- <summary-item>Upgrade to Bouncycastle 1.62</summary-item>
- <summary-item>Upgrade to Commons-Codec 1.13</summary-item>
- <summary-item>Upgrade to Commons-Collections4 4.4</summary-item>
- <summary-item>Upgrade to Commons-Compress 1.19</summary-item>
+ <summary-item>XSSF: Memory improvements which use much less memory while writing large xlsx files</summary-item>
+ <summary-item>XDDF: Improved chart support: more types and some API changes around angles and width units</summary-item>
+ <summary-item>updated dependencies to Bouncycastle 1.62, Commons-Codec 1.13, Commons-Collections4 4.4, Commons-Compress 1.19</summary-item>
+ <summary-item>XWPF: Additional API methods</summary-item>
+ <summary-item>XSSF: Fixes to XSSFSheet.addMergedRegion() and XSSFRow.shiftRows()</summary-item>
+ <summary-item>EMF/HSLF: Rendering fixes</summary-item>
+ <summary-item>CVE-2019-12415 - XML External Entity (XXE) Processing in Apache POI</summary-item>
</summary>
<actions>
<action dev="PD" type="fix" fixes-bug="63842" context="SS_Common">FractionFormat casts whole part of the value into 'int'</action>
Modified: poi/site/src/documentation/content/xdocs/download.xml
URL: http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/download.xml?rev=1868667&r1=1868666&r2=1868667&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/download.xml (original)
+++ poi/site/src/documentation/content/xdocs/download.xml Sun Oct 20 19:40:03 2019
@@ -20,126 +20,131 @@
<!DOCTYPE document PUBLIC "-//APACHE//DTD Documentation V2.0//EN" "document-v20.dtd">
<document>
- <header>
- <title>Apache POI - Download Release Artifacts</title>
- </header>
-
- <body>
- <section><title>Available Downloads</title>
- <p>
- This page provides instructions on how to download and verify the
- Apache POI release artifacts. There are different versions available depending on
- how stable your code should be.
- </p>
- <ul>
- <li><a href="#POI-4.1.0">The latest stable release is Apache POI 4.1.0</a></li>
- <li><a href="#nightly">Nightly/CI builds are available as well</a></li>
- <li><a href="#archive">Archives of all prior releases</a></li>
- </ul>
- <p>
- Apache POI releases are available under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0.</a>
- See the NOTICE file contained in each release artifact for applicable copyright attribution notices.
- </p>
- <p>
- To ensure that you have downloaded the true release you should <a href="#verify">verify the integrity</a>
- of the files using the signatures and checksums available from this page.
- </p>
- </section>
-
- <!-- latest final release -->
- <section id="POI-4.1.0"><title>09 April 2019 - POI 4.1.0 available</title>
- <p>The Apache POI team is pleased to announce the release of 4.1.0.
- Featured are a handful of new areas of functionality and numerous bug fixes.</p>
- <p>A summary of changes is available in the
- <a href="https://www.apache.org/dyn/closer.lua/poi/dev/RELEASE-NOTES-4.1.0.txt">Release Notes</a>.
- A full list of changes is available in the <a href="site:changes">change log</a>.
- People interested should also follow the <a href="site:mailinglists">dev list</a>
- to track progress.</p>
- <p>
- The POI source release as well as the pre-built binary deployment packages are listed below.
- Pre-built versions of all <a href="site:components">POI components</a>
- are available in the central Maven repository under Group ID "org.apache.poi" and Version
- "4.1.0".
- </p>
- <section id="POI-4.1.0-bin"><title>Binary Distribution</title>
- <ul>
- <li>
- <a href="https://www.apache.org/dyn/closer.lua/poi/release/bin/poi-bin-4.1.0-20190412.tar.gz">poi-bin-4.1.0-20190412.tar.gz</a>
- (27.32 MB, <a href="https://www.apache.org/dist/poi/release/bin/poi-bin-4.1.0-20190412.tar.gz.asc">signature (.asc)</a>,
- checksum: <a href="https://www.apache.org/dist/poi/release/bin/poi-bin-4.1.0-20190412.tar.gz.sha256">SHA-256</a>,
- <a href="https://www.apache.org/dist/poi/release/bin/poi-bin-4.1.0-20190412.tar.gz.sha512">SHA-512</a>)
- </li>
- <li>
- <a href="https://www.apache.org/dyn/closer.lua/poi/release/bin/poi-bin-4.1.0-20190412.zip">poi-bin-4.1.0-20190412.zip</a>
- (37.23 MB, <a href="https://www.apache.org/dist/poi/release/bin/poi-bin-4.1.0-20190412.zip.asc">signature (.asc)</a>,
- checksum: <a href="https://www.apache.org/dist/poi/release/bin/poi-bin-4.1.0-20190412.zip.sha256">SHA-256</a>,
- <a href="https://www.apache.org/dist/poi/release/bin/poi-bin-4.1.0-20190412.zip.sha512">SHA-512</a>)
- </li>
- </ul>
- </section>
- <section id="POI-4.1.0-src"><title>Source Distribution</title>
- <ul>
- <li>
- <a href="https://www.apache.org/dyn/closer.lua/poi/release/src/poi-src-4.1.0-20190412.tar.gz">poi-src-4.1.0-20190412.tar.gz</a>
- (96.70 MB, <a href="https://www.apache.org/dist/poi/release/src/poi-src-4.1.0-20190412.tar.gz.asc">signature (.asc)</a>,
- checksum: <a href="https://www.apache.org/dist/poi/release/src/poi-src-4.1.0-20190412.tar.gz.sha256">SHA-256</a>,
- <a href="https://www.apache.org/dist/poi/release/src/poi-src-4.1.0-20190412.tar.gz.sha512">SHA-512</a>)
- </li>
- <li>
- <a href="https://www.apache.org/dyn/closer.lua/poi/release/src/poi-src-4.1.0-20190412.zip">poi-src-4.1.0-20190412.zip</a>
- (100.96 MB, <a href="https://www.apache.org/dist/poi/release/src/poi-src-4.1.0-20190412.zip.asc">signature (.asc)</a>,
- checksum: <a href="https://www.apache.org/dist/poi/release/src/poi-src-4.1.0-20190412.zip.sha256">SHA-256</a>,
- <a href="https://www.apache.org/dist/poi/release/src/poi-src-4.1.0-20190412.zip.sha512">SHA-512</a>)
- </li>
- </ul>
- </section>
- </section>
-
- <section id="nightly"><title>Nightly Builds</title>
- <p>The POI nightly builds are run on the <a href="https://builds.apache.org/view/P/view/POI/">Jenkins</a> continuous integration server.
- <br/>
- <strong>These builds should not be used in production</strong>: they are mostly intended for use by developers
- to help with resolving bugs and evaluating new features or users who want to try out the latest version.
- </p>
- <ul>
- <li><a href="https://builds.apache.org/view/P/view/POI/job/POI-DSL-1.8/lastSuccessfulBuild/artifact/build/dist/">
- Last Successful Jenkins build for POI-trunk</a></li>
- </ul>
- </section>
-
- <section id="verify"><title>Verify</title>
- <p>
- It is essential that you verify the integrity of the downloaded files using the PGP and MD5 signatures.
- Please read <a href="https://httpd.apache.org/dev/verification.html">Verifying Apache HTTP Server Releases</a>
- for more information on why you should verify our releases. This page provides detailed instructions which you can use for POI artifacts.
- </p>
- <p>
- The PGP signatures can be verified using PGP or GPG. First
- <a href="https://www.apache.org/dist/poi/KEYS">download the KEYS file</a>
- as well as the .asc signature files for the relevant release packages.
- Make sure you get these files from the main distribution directory, rather than from a mirror.
- Then <a href="https://www.apache.org/info/verification.html">verify the signatures</a>.
- </p>
- <p>
- As an example:
- </p>
- <source>
-% pgpk -a KEYS
-% pgpv poi-X.Y.Z.jar.asc
- </source>
- <p>or</p>
- <source>
-% pgp -ka KEYS
-% pgp poi-X.Y.Z.jar.asc
- </source>
- <p>or</p>
- <source>
-% gpg --import KEYS
-% gpg --verify poi-X.Y.Z.jar.asc poi-X.Y.Z.jar
- </source>
- <p>Sample verification of poi-bin-3.5-FINAL-20090928.tar.gz</p>
- <source>
-% gpg --import KEYS
+ <header>
+ <title>Apache POI - Download Release Artifacts</title>
+ </header>
+
+ <body>
+ <section>
+ <title>Available Downloads</title>
+ <p>
+ This page provides instructions on how to download and verify the Apache POI release artifacts. There
+ are different versions available depending on how stable your code should be.
+ </p>
+ <ul>
+ <li>
+ <a href="#POI-4.1.1">The latest stable release is Apache POI 4.1.1</a>
+ </li>
+ <li>
+ <a href="#nightly">Nightly/CI builds are available as well</a>
+ </li>
+ <li>
+ <a href="#archive">Archives of all prior releases</a>
+ </li>
+ </ul>
+ <p>
+ Apache POI releases are available under the
+ <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0.</a>
+ See the NOTICE file contained in each release artifact for applicable copyright attribution notices.
+ </p>
+ <p>
+ To ensure that you have downloaded the true release you should
+ <a href="#verify">verify the integrity</a>
+ of the files using the signatures and checksums available from this page.
+ </p>
+ </section>
+
+ <!-- latest final release -->
+
+ <section id="POI-4.1.1"><title>20 October 2019 - POI 4.1.1 available</title>
+ <p>The Apache POI team is pleased to announce the release of 4.1.1.
+ Featured are a handful of new areas of functionality and numerous bug fixes.</p>
+ <p>A summary of changes is available in the
+ <a href="https://www.apache.org/dyn/closer.lua/poi/dev/RELEASE-NOTES-4.1.1.txt">Release Notes</a>.
+ A full list of changes is available in the <a href="site:changes">change log</a>.
+ People interested should also follow the <a href="site:mailinglists">dev list</a>
+ to track progress.</p>
+ <p>
+ The POI source release as well as the pre-built binary deployment packages are listed below.
+ Pre-built versions of all <a href="site:components">POI components</a>
+ are available in the central Maven repository under Group ID "org.apache.poi" and Version
+ "4.1.1".
+ </p>
+ <section id="POI-4.1.1-bin"><title>Binary Distribution</title>
+ <ul>
+ <li>
+ <a href="https://www.apache.org/dyn/closer.lua/poi/release/bin/poi-bin-4.1.1-20191023.tar.gz">poi-bin-4.1.1-20191023.tar.gz</a>
+ (28.13 MB, <a href="https://www.apache.org/dist/poi/release/bin/poi-bin-4.1.1-20191023.tar.gz.asc">signature (.asc)</a>,
+ checksum: <a href="https://www.apache.org/dist/poi/release/bin/poi-bin-4.1.1-20191023.tar.gz.sha256">SHA-256</a>,
+ <a href="https://www.apache.org/dist/poi/release/bin/poi-bin-4.1.1-20191023.tar.gz.sha512">SHA-512</a>)
+ </li>
+ <li>
+ <a href="https://www.apache.org/dyn/closer.lua/poi/release/bin/poi-bin-4.1.1-20191023.zip">poi-bin-4.1.1-20191023.zip</a>
+ (38.57 MB, <a href="https://www.apache.org/dist/poi/release/bin/poi-bin-4.1.1-20191023.zip.asc">signature (.asc)</a>,
+ checksum: <a href="https://www.apache.org/dist/poi/release/bin/poi-bin-4.1.1-20191023.zip.sha256">SHA-256</a>,
+ <a href="https://www.apache.org/dist/poi/release/bin/poi-bin-4.1.1-20191023.zip.sha512">SHA-512</a>)
+ </li>
+ </ul>
+ </section>
+ <section id="POI-4.1.1-src"><title>Source Distribution</title>
+ <ul>
+ <li>
+ <a href="https://www.apache.org/dyn/closer.lua/poi/release/src/poi-src-4.1.1-20191023.tar.gz">poi-src-4.1.1-20191023.tar.gz</a>
+ (96.93 MB, <a href="https://www.apache.org/dist/poi/release/src/poi-src-4.1.1-20191023.tar.gz.asc">signature (.asc)</a>,
+ checksum: <a href="https://www.apache.org/dist/poi/release/src/poi-src-4.1.1-20191023.tar.gz.sha256">SHA-256</a>,
+ <a href="https://www.apache.org/dist/poi/release/src/poi-src-4.1.1-20191023.tar.gz.sha512">SHA-512</a>)
+ </li>
+ <li>
+ <a href="https://www.apache.org/dyn/closer.lua/poi/release/src/poi-src-4.1.1-20191023.zip">poi-src-4.1.1-20191023.zip</a>
+ (101.23 MB, <a href="https://www.apache.org/dist/poi/release/src/poi-src-4.1.1-20191023.zip.asc">signature (.asc)</a>,
+ checksum: <a href="https://www.apache.org/dist/poi/release/src/poi-src-4.1.1-20191023.zip.sha256">SHA-256</a>,
+ <a href="https://www.apache.org/dist/poi/release/src/poi-src-4.1.1-20191023.zip.sha512">SHA-512</a>)
+ </li>
+ </ul>
+ </section>
+ </section>
+
+ <section id="nightly">
+ <title>Nightly Builds</title>
+ <p>The POI nightly builds are run on the <a href="https://builds.apache.org/view/P/view/POI/">Jenkins</a>
+ continuous integration server.<br/>
+ <strong>These builds should not be used in production</strong>: they are mostly intended for use by
+ developers to help with resolving bugs and evaluating new features or users who want to try out the
+ latest version.
+ </p>
+ <ul>
+ <li>
+ <a href="https://builds.apache.org/view/P/view/POI/job/POI-DSL-1.8/lastSuccessfulBuild/artifact/build/dist/">
+ Last Successful Jenkins build for POI-trunk
+ </a>
+ </li>
+ </ul>
+ </section>
+
+ <section id="verify">
+ <title>Verify</title>
+ <p>
+ It is essential that you verify the integrity of the downloaded files using the PGP and SHA2 signatures.
+ Please read
+ <a href="https://httpd.apache.org/dev/verification.html">Verifying Apache HTTP Server Releases</a>
+ for more information on why you should verify our releases. This page provides detailed instructions
+ which you can use for POI artifacts.
+ </p>
+ <p>
+ The PGP signatures can be verified using PGP or GPG. First
+ <a href="https://www.apache.org/dist/poi/KEYS">download the KEYS file</a>
+ as well as the .asc signature files for the relevant release packages. Make sure you get these files
+ from the main distribution directory, rather than from a mirror.
+ Then <a href="https://www.apache.org/info/verification.html">verify the signatures</a>.
+ </p>
+ <p>Batch check of all distribution files:</p>
+ <source>
+ find . -name "*.sha256" -type f -execdir sha256sum -c {} \;
+ find . -name "*.sha512" -type f -execdir sha512sum -c {} \;
+ find . -name "*.asc" -exec gpg --no-secmem-warning --verify {} \;
+ </source>
+ <p>Sample verification of poi-bin-3.5-FINAL-20090928.tar.gz</p>
+ <source>% gpg --import KEYS
gpg: key 12DAE9BE: "Glen Stampoultzis <glens at apache dot org>" not changed
gpg: key 4CEED75F: "Nick Burch <nick at gagravarr dot org>" not changed
gpg: key 84B5A42E: "Rainer Klute <rainer.klute at gmx dot de>" not changed
@@ -158,28 +163,36 @@ pub 1024D/F5BB52CD 2007-06-18 [expires
uid Yegor Kozlov <yegor.kozlov at gmail dot com>
uid Yegor Kozlov <yegor at dinom dot ru>
uid Yegor Kozlov <yegor at apache dot org>
-sub 4096g/7B45A98A 2007-06-18 [expires: 2012-06-16]
- </source>
- </section>
- <section id="archive"><title>Release Archives</title>
- <p>
- Apache POI became a top level project in June 2007 and POI 3.0 artifacts were re-released.
- Prior to that date POI was a sub-project of <a href="https://jakarta.apache.org/">Apache Jakarta.</a>
- </p>
- <ul>
- <li><a href="https://archive.apache.org/dist/poi/release/bin/">Binary Artifacts</a></li>
- <li><a href="https://archive.apache.org/dist/poi/release/src/">Source Artifacts</a></li>
- <li><a href="https://archive.apache.org/dist/poi/">Keys</a></li>
- <li><a href="https://archive.apache.org/dist/jakarta/poi/release/">Artifacts from prior to 3.0</a></li>
- </ul>
- </section>
- </body>
- <footer>
- <legal>
- Copyright (c) @year@ The Apache Software Foundation. All rights reserved.
- <br />
- Apache POI, POI, Apache, the Apache feather logo, and the Apache
- POI project logo are trademarks of The Apache Software Foundation.
- </legal>
- </footer>
+sub 4096g/7B45A98A 2007-06-18 [expires: 2012-06-16]</source>
+ </section>
+ <section id="archive">
+ <title>Release Archives</title>
+ <p>
+ Apache POI became a top level project in June 2007 and POI 3.0 artifacts were re-released. Prior to that
+ date POI was a sub-project of
+ <a href="https://jakarta.apache.org/">Apache Jakarta.</a>
+ </p>
+ <ul>
+ <li>
+ <a href="https://archive.apache.org/dist/poi/release/bin/">Binary Artifacts</a>
+ </li>
+ <li>
+ <a href="https://archive.apache.org/dist/poi/release/src/">Source Artifacts</a>
+ </li>
+ <li>
+ <a href="https://archive.apache.org/dist/poi/">Keys</a>
+ </li>
+ <li>
+ <a href="https://archive.apache.org/dist/jakarta/poi/release/">Artifacts from prior to 3.0</a>
+ </li>
+ </ul>
+ </section>
+ </body>
+ <footer>
+ <legal>
+ Copyright (c) @year@ The Apache Software Foundation. All rights reserved.<br/>
+ Apache POI, POI, Apache, the Apache feather logo, and the Apache POI project logo are trademarks of The
+ Apache Software Foundation.
+ </legal>
+ </footer>
</document>
Modified: poi/site/src/documentation/content/xdocs/index.xml
URL: http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/index.xml?rev=1868667&r1=1868666&r2=1868667&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/index.xml (original)
+++ poi/site/src/documentation/content/xdocs/index.xml Sun Oct 20 19:40:03 2019
@@ -22,13 +22,6 @@
<document>
<header>
<title>Apache POI - the Java API for Microsoft Documents</title>
- <authors>
- <person id="AO" name="Andrew C. Oliver" email="acoliver@apache.org"/>
- <person id="GJS" name="Glen Stampoultzis" email="user@poi.apache.org"/>
- <person id="AS" name="Avik Sengupta" email="user@poi.apache.org"/>
- <person id="RK" name="Rainer Klute" email="klute@apache.org"/>
- <person id="DF" name="David Fisher" email="dfisher@jmlafferty.com"/>
- </authors>
</header>
<body>
@@ -42,19 +35,40 @@
</section>
<!-- latest final release -->
- <section><title>09 April 2019 - POI 4.1.0 available</title>
- <p>The Apache POI team is pleased to announce the release of 4.1.0.
- This release features a new EMF renderer and support of SVG images in XSLF, improvements to Java 9+ support,
- a handful of new formula function implementations and numerous bug fixes. Several dependencies were also
- updated to their latest versions to pick up security fixes and other improvements.</p>
+ <section><title>20 October 2019 - POI 4.1.1 available</title>
+ <p>The Apache POI team is pleased to announce the release of 4.1.1.
+ This release features performance improvements while writing large xlsx files, improved chart support,
+ fixes in EMF/HSLF rendering. Several dependencies were also updated to their latest versions to pick
+ up security fixes and other improvements.</p>
<p>A summary of changes is available in the
<a href="https://www.apache.org/dyn/closer.lua/poi/release/RELEASE-NOTES.txt">Release Notes</a>.
- A full list of changes is available in the <a href="changes.html#4.1.0">change log</a>.
+ A full list of changes is available in the <a href="changes.html#4.1.1">change log</a>.
People interested should also follow the <a href="site:mailinglists">dev list</a> to track progress.</p>
- <p>See the <a href="download.html#POI-4.1.0">downloads</a> page for more details.</p>
+ <p>See the <a href="download.html#POI-4.1.1">downloads</a> page for more details.</p>
<p>POI requires Java 8 or newer since version 4.0.1.</p>
</section>
+ <section><title>20 October 2019 - CVE-2019-12415 - XML External Entity (XXE) Processing in Apache POI versions prior to 4.1.1</title>
+ <p>Description:<br/>
+ When using the tool XSSFExportToXml to convert user-provided Microsoft
+ Excel documents, a specially crafted document can allow an attacker to
+ read files from the local filesystem or from internal network resources
+ via XML External Entity (XXE) Processing.</p>
+
+ <p>Mitigation:<br/>
+ Apache POI 4.1.0 and before: users who do not use the tool XSSFExportToXml
+ are not affected. affected users are advised to update to Apache POI 4.1.1
+ which fixes this vulnerability.</p>
+
+ <p>Credit:
+ This issue was discovered by Artem Smotrakov from SAP</p>
+
+ <p>References:
+ <a href="https://en.wikipedia.org/wiki/XML_external_entity_attack">XML external entity attack</a>
+ </p>
+ </section>
+
+
<!-- xmlbeans 3.1.0 release -->
<section><title>26 March 2019 - XMLBeans 3.1.0 available</title>
<p>The Apache POI team is pleased to announce the release of XMLBeans 3.1.0.
@@ -68,19 +82,6 @@
<p>POI 4.1.0 uses XMLBeans 3.1.0.</p>
<p>XMLBeans requires Java 6 or newer since version 3.0.2.</p>
</section>
-
- <section><title>20 March 2017 - CVE-2017-5644 - Possible DOS (Denial of Service) in Apache POI versions prior to 3.15</title>
- <p>
- Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption)
- via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
-
- Users with applications which accept content from external or untrusted sources are advised to upgrade to
- Apache POI 3.15 or newer.
-
- Thanks to Xiaolong Zhu and Huijun Chen from Huawei Technologies Co., Ltd. for reporting the vulnerability.
- </p>
- </section>
-
</section>
<section><title>Mission Statement</title>
@@ -185,22 +186,4 @@
POI project logo are trademarks of The Apache Software Foundation.
</legal>
</footer>
-</document>
-
-<!-- Keep this comment at the end of the file
-Local variables:
-mode: xml
-sgml-omittag:nil
-sgml-shorttag:nil
-sgml-namecase-general:nil
-sgml-general-insert-case:lower
-sgml-minimize-attributes:nil
-sgml-always-quote-attributes:t
-sgml-indent-step:2
-sgml-indent-data:t
-sgml-parent-document:nil
-sgml-exposed-tags:nil
-sgml-local-catalogs:nil
-sgml-local-ecat-files:nil
-End:
--->
+</document>
\ No newline at end of file
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org