Repository: pdfbox-docs Updated Branches: refs/heads/asf-site 1a6a784f8 -> d83e97575
Site checkin for project Apache PDFBox Website Project: http://git-wip-us.apache.org/repos/asf/pdfbox-docs/repo Commit: http://git-wip-us.apache.org/repos/asf/pdfbox-docs/commit/d83e9757 Tree: http://git-wip-us.apache.org/repos/asf/pdfbox-docs/tree/d83e9757 Diff: http://git-wip-us.apache.org/repos/asf/pdfbox-docs/diff/d83e9757 Branch: refs/heads/asf-site Commit: d83e9757574c72103ec29a182b25ee73f579714a Parents: 1a6a784 Author: Andreas Lehmkühler <andr...@lehmi.de> Authored: Tue Jun 7 19:02:19 2016 +0200 Committer: Andreas Lehmkühler <andr...@lehmi.de> Committed: Tue Jun 7 19:02:19 2016 +0200 ---------------------------------------------------------------------- content/index.html | 28 ++-- content/news/2016/05/27/CVE-2016-2175.html | 200 ++++++++++++++++++++++++ 2 files changed, 214 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/pdfbox-docs/blob/d83e9757/content/index.html ---------------------------------------------------------------------- diff --git a/content/index.html b/content/index.html index 224f6cd..32c4ad8 100644 --- a/content/index.html +++ b/content/index.html 
@@ -139,13 +139,14 @@ Apache PDFBox also includes several command line utilities. Apache PDFBox is published under the Apache License v2.0.</p> -<h2>Apache PDFBox 1.8.12 and 2.0.1 released (2016-04-26)</h2> -<p>The Apache PDFBox community is pleased to announce the release of -Apache PDFBox version 1.8.12 and 2.0.1. They are available for download at:</p> +<h2>CVE-2016-2175 XML External Entity vulnerability (2016-05-27)</h2> +<p>Due to a XML External Entity vulnerability we strongly recommend to update to the most recent version of Apache PDFBox.</p> -<p><a href="http://pdfbox.apache.org/download.cgi">http://pdfbox.apache.org/download.cgi</a></p> +<p><strong>Versions Affected:</strong> +Apache PDFBox 1.8.0 to 1.8.11 and 2.0.0. Earlier, unsupported versions may be affected as well.</p> -<p>See the full release notes <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12334652">1.8.12</a> and <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12335342">2.0.1</a> for details about this release.</p> +<p><strong>Mitigation:</strong> +Upgrade to Apache PDFBox 1.8.12 respectively 2.0.1</p> <h2 id="getting-help">Getting Help</h2> 
@@ -198,6 +199,14 @@ skills. Subscribe to the <a href="/mailinglists.html">Mailing Lists</a> and find <h2 id="news">News</h2> +<h3>Apache PDFBox 1.8.12 and 2.0.1 released (2016-04-26) </h3> +<p>The Apache PDFBox community is pleased to announce the release of +Apache PDFBox version 1.8.12 and 2.0.1. They are available for download at:</p> + +<p><a href="http://pdfbox.apache.org/download.cgi">http://pdfbox.apache.org/download.cgi</a></p> + +<p>See the full release notes <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12334652">1.8.12</a> and <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12335342">2.0.1</a> for details about this release.</p> + <h3>Apache PDFBox 2.0.0 released (2016-03-18) </h3> <p>After more than 3 years of development the Apache PDFBox community is pleased to announce the release of Apache PDFBox version 2.0.0. It is available for download at:</p> @@ -245,15 +254,6 @@ release hopefully could be the final one.</p> <p>See the <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12319281">full release notes</a> for details about this release.</p> -<h3>Apache PDFBox 2.0.0 RC1 released (2015-10-19) </h3> -<p>With the initial discussions starting 3 years ago PDFBox 2.0.0 is in the works for -quite some time now - <strong>and we are in the final stages!</strong> To give you the opportunity -to provide feedback a <a href="http://pdfbox.apache.org/download.cgi">PDFBox 2.0.0-RC1 Release Candidate</a> -is now available.</p> - -<p>The <a href="http://pdfbox.apache.org/2.0/migration.html">Migration Guide</a> shall give users coming from -PDFBox 1.8 or earlier an overview about things to look at when switching over. More details to come.</p> - </div> </div> http://git-wip-us.apache.org/repos/asf/pdfbox-docs/blob/d83e9757/content/news/2016/05/27/CVE-2016-2175.html ---------------------------------------------------------------------- 
diff --git a/content/news/2016/05/27/CVE-2016-2175.html b/content/news/2016/05/27/CVE-2016-2175.html new file mode 100644 index 0000000..b01bf75 --- /dev/null +++ b/content/news/2016/05/27/CVE-2016-2175.html 
@@ -0,0 +1,200 @@ +<!DOCTYPE html> +<html lang="en"> + +<!-- + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE- 2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<head> + <meta charset="utf-8"> + <meta http-equiv="X-UA-Compatible" content="IE=edge"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + <meta name="description" content="The Apache PDFBox⢠library is an open source Java tool for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is published under the Apache License v2.0. 
+"> + + <title>Apache PDFBox | CVE-2016-2175 XML External Entity vulnerability</title> + + <link href="/bootstrap/css/bootstrap.min.css" rel="stylesheet"> + <link href="/css/pygments-github.css" rel="stylesheet"> + + <link href="/css/site.css" rel="stylesheet"> + + + + + + + +</head> + +<body> + <nav class="navbar navbar-default navbar-top"> + <div class="container"> + <div class="navbar-header"> + <a href="/index.html"> + <img class="logo" src="/images/logo-head.gif"> + </a> + <p class="pull-right visible-xs"> + <button type="button" class="btn btn-primary btn-sm" data-toggle="offcanvas">Menu</button> + </p> + </div> + </div> + </nav> + + <div class="container"> + + <div class="row row-offcanvas row-offcanvas-left"> + <div class="col-xs-6 col-sm-3 sidebar-offcanvas" id="sidebar"> + + <ul class="sidebar"> + <li class="sidebar-header">Apache PDFBox</li> + <li><a href="/index.html">Overview</a></li> + <li><a href="/download.cgi">Downloads</a></li> + + <li class="sidebar-header">Community</li> + <li><a href="/support.html">Support</a></li> + <li><a href="/mailinglists.html">Mailing Lists</a></li> + <li><a href="/team.html">Project Team</a></li> + + <li class="sidebar-header">Documentation</li> + <li class="sidebar-node" id="v2-0"> + <a href="#">2.0</a> + <ul> + <li><a href="/2.0/migration.html">Migration Guide</a></li> + <li><a href="/2.0/getting-started.html">Getting Started</a></li> + <li><a href="/2.0/examples.html">Examples</a></li> + <li><a href="/2.0/dependencies.html">Dependencies</a></li> + <li class="sidebar-node" id="v2-0-cookbook"> + <a href="#">Cookbook</a> + <ul> + <li><a href="/2.0/cookbook/encryption.html">Document Encryption</a></li> + </ul> + </li> + <li><a href="/2.0/commandline.html">Command Line Tools</a></li> + <li><a href="/docs/2.0.1/javadocs/">API Docs</a></li> + </ul> + </li> + <li class="sidebar-node" id="v1-8"> + <a href="#">1.8</a> + <ul> + <li><a href="/1.8/architecture.html">Architecture</a></li> + <li><a 
href="/1.8/dependencies.html">Dependencies</a></li> + <li class="sidebar-node" id="v1-8-cookbook"> + <a href="#">Cookbook</a> + <ul> + <li><a href="/1.8/cookbook/documentcreation.html">Document Creation</a></li> + <li><a href="/1.8/cookbook/textextraction.html">Text Extraction</a></li> + <li><a href="/1.8/cookbook/encryption.html">Document Encryption</a></li> + <li><a href="/1.8/cookbook/workingwithfonts.html">Working with Fonts</a></li> + <li><a href="/1.8/cookbook/workingwithmetadata.html">Working with Metadata</a></li> + <li><a href="/1.8/cookbook/workingwithattachments.html">Working with Attachments</a></li> + <li><a href="/1.8/cookbook/pdfavalidation.html">PDF/A Validation</a></li> + <li><a href="/1.8/cookbook/pdfacreation.html">Creating a PDF/A document</a></li> + </ul> + </li> + <li><a href="/1.8/commandline.html">Command Line Tools</a></li> + <li><a href="/docs/1.8.12/javadocs/">API Docs</a></li> + <li><a href="/1.8/faq.html">FAQ</a></li> + </ul> + </li> + + <li class="sidebar-header">Development</li> + <li><a href="/building.html">Building from Source</a></li> + <li><a href="/codingconventions.html">Coding Conventions</a></li> + <li><a href="/siteupdate.html">Update the Website</a></li> + <li><a href="https://builds.apache.org/view/All/job/PDFBox-trunk/">Jenkins</a></li> + <li><a href="https://travis-ci.org/apache/pdfbox">Travis CI</a></li> + <li><a href="https://analysis.apache.org/dashboard/index/org.apache.pdfbox:pdfbox-reactor">SonarQube</a></li> + <li><a href="https://issues.apache.org/jira/browse/PDFBOX">JIRA</a></li> + <li><a href="/ideas.html">Ideas</a></li> + <li><a href="/references.html">External Links</a></li> + + <li class="sidebar-header">Apache Software Foundation</li> + <li><a href="http://www.apache.org/">Apache Software Foundation</a></li> + <li><a href="http://www.apache.org/foundation/thanks.html">ASF Sponsors</a></li> + <li><a href="http://www.apache.org/security/">Security</a></li> + </ul> + </div> + <div class="col-xs-12 col-sm-9"> + 
<p>Due to a XML External Entity vulnerability we strongly recommend to update to the most recent version of Apache PDFBox.</p> + +<p><strong>Versions Affected:</strong> +Apache PDFBox 1.8.0 to 1.8.11 and 2.0.0. Earlier, unsupported versions may be affected as well.</p> + +<p><strong>Mitigation:</strong> +Upgrade to Apache PDFBox 1.8.12 respectively 2.0.1</p> + + </div> + </div> + </div> + + <footer class="footer"> + <div class="container"> + <div class="row"> + <div class="span3"> + <!-- nothing in here on purpose --> + </div> + <div class="span9"> + <p>Copyright © 2009–2015 <a href="http://www.apache.org/">The Apache Software Foundation</a>, Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>. + <br/>Apache PDFBox, PDFBox, Apache, the Apache feather logo and the Apache PDFBox project logos are trademarks of The Apache Software Foundation.</p> + </div> + </div> + </div> + </footer> + + <!-- Twitter Bootstrap and jQuery after this line. 
--> + <script src="//code.jquery.com/jquery-latest.js"></script> + <script src="/bootstrap/js/bootstrap.min.js"></script> + <script type="text/javascript"> + + $(document).ready(function () { + $('[data-toggle="offcanvas"]').click(function () { + $('.row-offcanvas').toggleClass('active') + }); + }); + + $(function() { + // collapse tree nodes dynamically to support noscript + $('.sidebar-node').addClass('collapsed'); + + + // toggle expand/collapse + $('.sidebar-node > a').click(function(e) { + $(this).parent().toggleClass('collapsed'); + e.preventDefault(); + }); + + // preserve expand/collapse across page navigation + var path = document.location.pathname; + if (path.indexOf('/1.8') == 0) { + $('#v1-8').removeClass('collapsed'); + if (path.indexOf('/1.8/cookbook') == 0) { + $('#v1-8-cookbook').removeClass('collapsed'); + } + } else { + $('#v2-0').removeClass('collapsed'); + if (path.indexOf('/2.0/cookbook') == 0) { + $('#v2-0-cookbook').removeClass('collapsed'); + } + } + + }); + </script> + +</body> + +</html> \ No newline at end of file
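Review bot: in content/index.html, hunk @@ -139,13 +139,14, the new Mitigation paragraph names 1.8.12 and 2.0.1 but carries no link. The download.cgi link that sat in this block moves down to the News section in the next hunk, and nothing here points to the new content/news/2016/05/27/CVE-2016-2175.html page. Suggest keeping a link to http://pdfbox.apache.org/download.cgi inside the Mitigation paragraph and linking the h2 to the news page. Wording: "a XML" should be "an XML", "recommend to update" reads better as "recommend updating", and "1.8.12 respectively 2.0.1" is clearer as "1.8.12 (for 1.8.x) or 2.0.1 (for 2.0.0)".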
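Review bot: in the new file content/news/2016/05/27/CVE-2016-2175.html, the content column (div class="col-xs-12 col-sm-9") holds only the three paragraphs copied from index.html, with no heading, no date, and no statement of which input reaches the XML parser or what the impact is, so a reader landing on this page cannot judge exposure beyond the version range. Suggest adding a heading that matches the title element, one sentence on the trigger and impact, and a link to download.cgi. Separately, the script tag near the end of the file loads //code.jquery.com/jquery-latest.js protocol-relative, unpinned and without an integrity attribute; pin a version and add SRI, or serve it locally as is done for /bootstrap/js/bootstrap.min.js. The footer copyright range still ends at 2015 on a page dated 2016.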