Author: jleroux
Date: Fri May 27 13:12:55 2016
New Revision: 1745751

URL: http://svn.apache.org/viewvc?rev=1745751&view=rev
Log:
Upgrades PDFBox to 1.8.12 (or 2.0.1?) due to vulnerability - https://issues.apache.org/jira/browse/OFBIZ-7136
See CVE-2016-2175: Apache PDFBox XML External Entity vulnerability.

I did not try to update to version 2.0.1. I only tested by using https://localhost:8443/example/control/ExampleReportPdfOptions?exampleId=EX01 but I got nothing, so I tried with R15.12 before backporting, with the same issue, so I guess it's unrelated to this update. Moreover, with both branches I get an error in the log for the barcode PDF. I will open a Jira.

Added: ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar (with props) Removed: ofbiz/trunk/framework/base/lib/pdfbox-1.8.11.jar Modified: ofbiz/trunk/.classpath ofbiz/trunk/LICENSE Modified: ofbiz/trunk/.classpath URL: http://svn.apache.org/viewvc/ofbiz/trunk/.classpath?rev=1745751&r1=1745750&r2=1745751&view=diff ============================================================================== --- ofbiz/trunk/.classpath (original) +++ ofbiz/trunk/.classpath Fri May 27 13:12:55 2016 @@ -2,7 +2,7 @@ <classpath> <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/> <classpathentry kind="lib" path="applications/content/lib/dom4j-1.6.1.jar"/> - <classpathentry kind="lib" path="framework/base/lib/pdfbox-1.8.11.jar"/> + <classpathentry kind="lib" path="framework/base/lib/pdfbox-1.8.12.jar"/> <classpathentry kind="lib" path="framework/base/lib/jempbox-1.8.11.jar"/> <classpathentry kind="lib" path="framework/base/lib/fontbox-1.8.11.jar"/> <classpathentry kind="lib" path="applications/content/lib/poi-3.13-20150929.jar"/> Modified: ofbiz/trunk/LICENSE URL: http://svn.apache.org/viewvc/ofbiz/trunk/LICENSE?rev=1745751&r1=1745750&r2=1745751&view=diff ============================================================================== --- ofbiz/trunk/LICENSE (original) +++ ofbiz/trunk/LICENSE Fri May 27 13:12:55 2016 
@@ -39,7 +39,7 @@ framework/base/lib/log4j-core-2.3.jar framework/base/lib/log4j-nosql-2.3.jar framework/base/lib/log4j-slf4j-impl-2.3.jar framework/base/lib/nekohtml-1.9.16.jar -framework/base/lib/pdfbox-1.8.11.jar +framework/base/lib/pdfbox-1.8.12.jar framework/base/lib/resolver-2.9.1.jar framework/base/lib/serializer-2.9.1.jar framework/base/lib/shiro-core-1.2.3.jar Added: ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar?rev=1745751&view=auto ============================================================================== Binary file - no diff available. Propchange: ofbiz/trunk/framework/base/lib/pdfbox-1.8.12.jar ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream
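Review bot: In the .classpath hunk (@@ -2,7 +2,7 @@), the two context lines directly below the changed entry still point at jempbox-1.8.11.jar and fontbox-1.8.11.jar, so after this commit the PDFBox family is on mixed versions. CVE-2016-2175 concerns XML parsing inside PDF files, and JempBox is the XMP metadata library of that family, so please confirm whether the fix also needs jempbox (and fontbox) at 1.8.12, and either bump them in the same commit or say in the log why they stay at 1.8.11.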
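Review bot: In the LICENSE hunk (@@ -39,7 +39,7 @@), only the pdfbox entry is updated, which matches the .classpath change, but the list of Added/Removed/Modified paths shows no other file touched. Any build or packaging file that names pdfbox-1.8.11.jar explicitly would now reference a jar that no longer exists, so a search of the tree for the old file name before merging is worth noting in the log.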
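Review bot: The added framework/base/lib/pdfbox-1.8.12.jar is committed as a binary with "no diff available", and the log does not say where the jar came from or what its checksum is. Since this is a security-driven dependency update, please record the download source and the published hash of the release artifact in the commit message or the Jira issue so the jar in the repository can be verified against the official Apache release. The log also says the PDF test URL returned nothing on both branches, so the upgrade has not been exercised against a working PDF path yet; that should be tracked in the Jira the author mentions.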

