You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@poi.apache.org by bu...@apache.org on 2018/03/02 11:18:08 UTC

[Bug 62151] Illegal reflective access by org.apache.poi.util.DocumentHelper and org.apache.poi.util is accessible from more than one module

https://bz.apache.org/bugzilla/show_bug.cgi?id=62151

Nick Burch <ap...@gagravarr.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
                 OS|                            |All

--- Comment #1 from Nick Burch <ap...@gagravarr.org> ---
The former we're unlikely to fix - Apache POI has multiple jars which make up
the project and allow you to exclude the parts of the project you don't want.
Because of design decisions taken by the Java 9 jigsaw team, our only fix is to
provide a single uber-jar with everything in. We're discussing that now, but
you could easily build your own if you wanted in the mean time

The latter I don't know how we can fix. For security reasons, we need to tell
the built-in Java XML parser to turn on non-default settings to increase the
parsing security. I don't believe that there's a public API for doing that,
only the private ones.

Are you able to find any Java 9 advice on how to turn on the XML security
features with the built-in xml parser using only public calls in Java 9?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org