Posted to dev@pdfbox.apache.org by Andreas Lehmkuehler <an...@lehmi.de> on 2021/04/14 06:29:18 UTC

Apache PDFBox Board Report April 2021 due

Hi,

find attached a quick draft of the board report we're expected to submit this
month. It's based upon the report wizard template which can be found at [1]

Any comments or additions are appreciated ...

<draft>

## Description:
The mission of PDFBox is the creation and maintenance of software related to
Java library for working with PDF documents

## Issues:
There are no issues requiring board attention at this time.

Some bugs were reported via security@apache.org and 2 of them ended up in a
CVE. Both were solved in 2.0.23.

- CVE-2021-27906 Apache PDFBox: a carefully crafted PDF file can trigger an
   OutOfMemory-Exception while loading the file
- CVE-2021-27807 Apache PDFBox: a carefully crafted PDF file can trigger an
   infinite loop while loading the file

The credit goes to Fabian Meumertzheim, who found these issues when working on
OSS-Fuzz

## Membership Data:
Apache PDFBox was founded 2009-10-21 (11 years ago)
There are currently 21 committers and 21 PMC members in this project.
The Committer-to-PMC ratio is 1:1.

Community changes, past quarter:
- No new PMC members. Last addition was Matthäus Mayer on 2017-10-16.
- No new committers. Last addition was Joerg O. Henne on 2017-10-09.

## Project Activity:
Recent releases:

     2.0.23 was released on 2021-03-18.
     2.0.22 was released on 2020-12-19.
     2.0.21 was released on 2020-08-20.

## Community Health:
- there is a steady stream of contributions, bug reports and questions on the
   mailing lists
- there are a lot of refactorings, improvements and bugfixes
- the first alpha version of the upcoming new major release 3.0.0 was released
- some of the downstream projects already started to integrate the new release
   into their codebases. The feedback is positive so far.

</draft>

Andreas

[1] https://reporter.apache.org/wizard/?pdfbox

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org


Re: Apache PDFBox Board Report April 2021 due

Posted by Andreas Lehmkuehler <an...@lehmi.de>.
On 14.04.21 at 19:30, Tilman Hausherr wrote:
> +1
> 
> You could mention that there is an instructor at Wright State University who uses 
> PDFBox in his class as a starting point
> https://github.com/erikbuck/pdfbox/blob/patch-1/SRS%20(Requirements%20Document)
> https://github.com/erikbuck/pdfbox/blob/patch-1/Software%20Design%20Document
Thanks, good point, I've added that detail to the report

Andreas

> 
> Tilman
> 


Re: Apache PDFBox Board Report April 2021 due

Posted by Tilman Hausherr <TH...@t-online.de>.
+1

You could mention that there is an instructor at Wright State University 
who uses PDFBox in his class as a starting point
https://github.com/erikbuck/pdfbox/blob/patch-1/SRS%20(Requirements%20Document)
https://github.com/erikbuck/pdfbox/blob/patch-1/Software%20Design%20Document

Tilman



Re: Apache PDFBox Board Report April 2021 due

Posted by Maruan Sahyoun <sa...@fileaffairs.de>.
+1
Maruan 
