Posted to commits@ofbiz.apache.org by jl...@apache.org on 2016/05/27 13:17:53 UTC

svn commit: r1745752 - in /ofbiz/branches/release15.12: ./ .classpath LICENSE framework/base/lib/pdfbox-1.8.11.jar framework/base/lib/pdfbox-1.8.12.jar

Author: jleroux
Date: Fri May 27 13:17:53 2016
New Revision: 1745752

URL: http://svn.apache.org/viewvc?rev=1745752&view=rev
Log:
"Applied fix from trunk for revision: 1745751" 
------------------------------------------------------------------------
r1745751 | jleroux | 2016-05-27 15:12:55 +0200 (ven. 27 mai 2016) | 6 lignes

Upgrades PDFBox to 1.8.12 (or 2.0.1?) due to vulnerability - https://issues.apache.org/jira/browse/OFBIZ-7136

See CVE-2016-2175: Apache PDFBox XML External Entity vulnerability

I did not try to update to version 2.0.1. 
I only tested by using https://localhost:8443/example/control/ExampleReportPdfOptions?exampleId=EX01 but I got nothing, so I tried with R15.12 before backporting, with the same issue, so I guess it's unrelated to this update. Moreover, with both branches I get an error in the log for the barcode PDF; I will open a Jira.
------------------------------------------------------------------------


Added:
    ofbiz/branches/release15.12/framework/base/lib/pdfbox-1.8.12.jar
      - copied unchanged from r1745751, ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar
Removed:
    ofbiz/branches/release15.12/framework/base/lib/pdfbox-1.8.11.jar
Modified:
    ofbiz/branches/release15.12/   (props changed)
    ofbiz/branches/release15.12/.classpath
    ofbiz/branches/release15.12/LICENSE
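A defender-side version audit, added here as an example and not part of the OFBiz commit: it parses an Eclipse .classpath like the one in this diff, checks the pdfbox jar against the fixed releases named in the log (1.8.12 for the 1.8 line, 2.0.1 for 2.x), and flags the fontbox/jempbox version skew this change leaves behind. The sample .classpath is constructed, and the rule that pdfbox, fontbox and jempbox should share a version is an assumption based on their being shipped together in the PDFBox 1.8.x release train.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the post-commit state of the .classpath hunk.
SAMPLE_CLASSPATH = """<classpath>
    <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
    <classpathentry kind="lib" path="applications/content/lib/dom4j-1.6.1.jar"/>
    <classpathentry kind="lib" path="framework/base/lib/pdfbox-1.8.12.jar"/>
    <classpathentry kind="lib" path="framework/base/lib/jempbox-1.8.11.jar"/>
    <classpathentry kind="lib" path="framework/base/lib/fontbox-1.8.11.jar"/>
</classpath>
"""

# First fixed release per line, as given by the CVE reference in the commit log.
FIXED = {(1, 8): (1, 8, 12), (2, 0): (2, 0, 1)}
# Assumption: these artifacts are released together, so their versions should agree.
PDFBOX_FAMILY = ("pdfbox", "fontbox", "jempbox")
JAR_RE = re.compile(r"(?:^|/)([A-Za-z][A-Za-z0-9]*)-(\d+(?:\.\d+)*)\.jar$")

def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def fmt(version):
    return ".".join(str(part) for part in version)

def lib_versions(classpath_xml):
    """Map artifact name -> version tuple for every kind="lib" classpath entry."""
    found = {}
    for entry in ET.fromstring(classpath_xml).iter("classpathentry"):
        match = JAR_RE.search(entry.get("path", ""))
        if entry.get("kind") == "lib" and match:
            found[match.group(1)] = parse_version(match.group(2))
    return found

def audit(classpath_xml):
    """Return findings; empty means pdfbox is at or past the fix and its siblings agree."""
    libs = lib_versions(classpath_xml)
    pdfbox = libs.get("pdfbox")
    if pdfbox is None:
        return ["pdfbox jar not present on the classpath"]
    findings = []
    fixed = FIXED.get(pdfbox[:2])
    if fixed is None:
        findings.append("pdfbox %s: release line not in the advisory table" % fmt(pdfbox))
    elif pdfbox < fixed:
        findings.append("pdfbox %s is below the CVE-2016-2175 fix %s" % (fmt(pdfbox), fmt(fixed)))
    for name in PDFBOX_FAMILY:
        if name in libs and libs[name] != pdfbox:
            findings.append("%s %s does not match pdfbox %s" % (name, fmt(libs[name]), fmt(pdfbox)))
    return findings
```

Run `audit(SAMPLE_CLASSPATH)` against the committed state and it reports the two sibling jars still at 1.8.11; point it at a checkout's real .classpath to audit a branch.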

Propchange: ofbiz/branches/release15.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri May 27 13:17:53 2016
@@ -9,4 +9,4 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/trunk:1722712,1723007,1723248,1724402,1724411,1724566,1724689,1724763,1724916,1724918,1724925,1724930,1724940,1724943,1724946,1724951,1724957,1724975,1724978,1725006,1725217,1725257,1725561,1725574,1726388,1726486,1726493,1726828,1727894,1728398,1728411,1729005,1729078,1729609,1729809,1730035,1730456,1730735-1730736,1730747,1730758,1730882,1730889,1731382,1731396,1732454,1732570,1732721,1733951,1733956,1734246,1734269,1734276,1734912,1734918,1735021,1735244,1735385,1735398,1735569,1735731,1735734,1735750,1735753,1735756,1735759,1735773,1736083,1736087,1736272,1736434,1736628,1736851,1736854,1736890,1737156,1737440,1738235,1738303,1738407,1738902,1739438,1739448,1739571,1740008,1740442,1740629,1741146,1741563,1741684,1741925,1741930,1741960,1742018,1742097,1742103,1742712,1742737,1742741,1743025,1743027,1743230,1743411-1743412,1743656,1743937,1744117,1744198,1744396,1744662,1744768,1744773,1744911,1745111,1745264,1745428,1745438,1745573,1745577
+/ofbiz/trunk:1722712,1723007,1723248,1724402,1724411,1724566,1724689,1724763,1724916,1724918,1724925,1724930,1724940,1724943,1724946,1724951,1724957,1724975,1724978,1725006,1725217,1725257,1725561,1725574,1726388,1726486,1726493,1726828,1727894,1728398,1728411,1729005,1729078,1729609,1729809,1730035,1730456,1730735-1730736,1730747,1730758,1730882,1730889,1731382,1731396,1732454,1732570,1732721,1733951,1733956,1734246,1734269,1734276,1734912,1734918,1735021,1735244,1735385,1735398,1735569,1735731,1735734,1735750,1735753,1735756,1735759,1735773,1736083,1736087,1736272,1736434,1736628,1736851,1736854,1736890,1737156,1737440,1738235,1738303,1738407,1738902,1739438,1739448,1739571,1740008,1740442,1740629,1741146,1741563,1741684,1741925,1741930,1741960,1742018,1742097,1742103,1742712,1742737,1742741,1743025,1743027,1743230,1743411-1743412,1743656,1743937,1744117,1744198,1744396,1744662,1744768,1744773,1744911,1745111,1745264,1745428,1745438,1745573,1745577,1745751

Modified: ofbiz/branches/release15.12/.classpath
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/.classpath?rev=1745752&r1=1745751&r2=1745752&view=diff
==============================================================================
--- ofbiz/branches/release15.12/.classpath (original)
+++ ofbiz/branches/release15.12/.classpath Fri May 27 13:17:53 2016
@@ -2,7 +2,7 @@
 <classpath>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry kind="lib" path="applications/content/lib/dom4j-1.6.1.jar"/>
-	<classpathentry kind="lib" path="framework/base/lib/pdfbox-1.8.11.jar"/>
+	<classpathentry kind="lib" path="framework/base/lib/pdfbox-1.8.12.jar"/>
 	<classpathentry kind="lib" path="framework/base/lib/jempbox-1.8.11.jar"/>
 	<classpathentry kind="lib" path="framework/base/lib/fontbox-1.8.11.jar"/>
 	<classpathentry kind="lib" path="applications/content/lib/poi-3.13-20150929.jar"/>
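Review bot: only pdfbox moves to 1.8.12 here, while the two PDFBox siblings on the following context lines, `framework/base/lib/jempbox-1.8.11.jar` and `framework/base/lib/fontbox-1.8.11.jar`, stay at 1.8.11 and appear in neither the Added nor the Removed list. Since pdfbox, fontbox and jempbox are published together as one PDFBox release, a mixed 1.8.12/1.8.11 set should either be bumped in lockstep (with matching .classpath and LICENSE entries) or be explicitly confirmed against the 1.8.12 release notes to be compatible and to leave no part of the CVE-2016-2175 fix in an un-upgraded jar.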

Modified: ofbiz/branches/release15.12/LICENSE
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/LICENSE?rev=1745752&r1=1745751&r2=1745752&view=diff
==============================================================================
--- ofbiz/branches/release15.12/LICENSE (original)
+++ ofbiz/branches/release15.12/LICENSE Fri May 27 13:17:53 2016
@@ -39,7 +39,7 @@ framework/base/lib/log4j-core-2.3.jar
 framework/base/lib/log4j-nosql-2.3.jar
 framework/base/lib/log4j-slf4j-impl-2.3.jar
 framework/base/lib/nekohtml-1.9.16.jar
-framework/base/lib/pdfbox-1.8.11.jar
+framework/base/lib/pdfbox-1.8.12.jar
 framework/base/lib/resolver-2.9.1.jar
 framework/base/lib/serializer-2.9.1.jar
 framework/base/lib/shiro-core-1.2.3.jar
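Review bot: this LICENSE entry tracks the .classpath change one-for-one, which is the right discipline; if fontbox and jempbox are also raised to 1.8.12 to match, any corresponding entries in this list need the same update in the same commit so the shipped jar set and the license inventory do not drift apart.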