You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@maven.apache.org by sl...@apache.org on 2020/02/07 16:35:40 UTC

[maven-doxia] 01/01: [DOXIA-604] Upgrade to FOP 2.4

This is an automated email from the ASF dual-hosted git repository.

slachiewicz pushed a commit to branch DOXIA-604
in repository https://gitbox.apache.org/repos/asf/maven-doxia.git

commit faabbe76c1b304b6f6727810a6feba5c7ad437f4
Author: Sylwester Lachiewicz <sl...@apache.org>
AuthorDate: Thu Feb 6 22:40:13 2020 +0100

    [DOXIA-604] Upgrade to FOP 2.4
---
 doxia-modules/doxia-module-fo/pom.xml | 2 +-
 pom.xml                               | 8 --------
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/doxia-modules/doxia-module-fo/pom.xml b/doxia-modules/doxia-module-fo/pom.xml
index e1a2f8e..d9059d2 100644
--- a/doxia-modules/doxia-module-fo/pom.xml
+++ b/doxia-modules/doxia-module-fo/pom.xml
@@ -85,7 +85,7 @@ under the License.
     <dependency>
       <groupId>org.apache.xmlgraphics</groupId>
       <artifactId>fop</artifactId>
-      <version>2.3</version>
+      <version>2.4</version>
     </dependency>
     <dependency>
       <groupId>log4j</groupId>
diff --git a/pom.xml b/pom.xml
index 5c4a483..b31764f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -202,14 +202,6 @@ under the License.
         <artifactId>plexus-component-annotations</artifactId>
         <version>1.7.1</version>
       </dependency>
-
-      <dependency><!-- remove when upgrade fop to higher than 2.3
-       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8036 -->
-        <groupId>org.apache.pdfbox</groupId>
-        <artifactId>fontbox</artifactId>
-        <version>2.0.12</version>
-      </dependency>
-
       <dependency>
         <groupId>org.codehaus.plexus</groupId>
         <artifactId>plexus-utils</artifactId>