This is an automated email from the ASF dual-hosted git repository. lehmi pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/pdfbox-docs.git
The following commit(s) were added to refs/heads/asf-site by this push: new 16a8373 Site checkin for project Apache PDFBox Website 16a8373 is described below commit 16a83736d35134c3aa8e4c899be2632b2b11deb5 Author: Andreas Lehmkühler <andr...@lehmi.de> AuthorDate: Fri Apr 12 16:24:11 2019 +0200 Site checkin for project Apache PDFBox Website --- content/blog.html | 9 ++ content/index.html | 27 ++--- .../2019/04/12/CVE-2019-0228.html} | 110 +-------------------- 3 files changed, 27 insertions(+), 119 deletions(-) diff --git a/content/blog.html b/content/blog.html index 3997503..d818d6c 100644 --- a/content/blog.html +++ b/content/blog.html @@ -159,6 +159,15 @@ <div class="col-xs-12 col-sm-9"> <h1 id="blog">Blog</h1> +<h2>CVE-2019-0228 XML External Entity vulnerability<br /><small>2019-04-12</small></h2> +<p>Due to a XML External Entity vulnerability we strongly recommend to update to the most recent version of Apache PDFBox.</p> + +<p><strong>Versions Affected:</strong> +Apache PDFBox 2.0.14 only</p> + +<p><strong>Mitigation:</strong> +Upgrade to Apache PDFBox 2.0.15</p> + <h2>Apache PDFBox 2.0.15 released<br /><small>2019-04-11</small></h2> <p>The Apache PDFBox community is pleased to announce the release of Apache PDFBox version 2.0.15. It is available for download at:</p> diff --git a/content/index.html b/content/index.html index 29550c0..b3fab8e 100644 --- a/content/index.html +++ b/content/index.html @@ -166,13 +166,14 @@ Apache PDFBox also includes several command-line utilities. Apache PDFBox is published under the Apache License v2.0.</p> -<h2>Apache PDFBox 2.0.15 released<br /><small>2019-04-11</small></h2> -<p>The Apache PDFBox community is pleased to announce the release of -Apache PDFBox version 2.0.15. It is available for download at:</p> +<h2>CVE-2019-0228 XML External Entity vulnerability<br /><small>2019-04-12</small></h2> +<p>Due to a XML External Entity vulnerability we strongly recommend to update to the most recent version of Apache PDFBox.</p> -<p><a href="https://pdfbox.apache.org/download.cgi">https://pdfbox.apache.org/download.cgi</a></p> +<p><strong>Versions Affected:</strong> +Apache PDFBox 2.0.14 only</p> -<p>See the <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12344997">full release notes</a> for details about this release.</p> +<p><strong>Mitigation:</strong> +Upgrade to Apache PDFBox 2.0.15</p> <h2 id="getting-help">Getting Help</h2> @@ -225,6 +226,14 @@ skills. Subscribe to the <a href="/mailinglists.html">Mailing Lists</a> and find <h2 id="news">News</h2> +<h3>Apache PDFBox 2.0.15 released<br /><small>2019-04-11</small></h3> +<p>The Apache PDFBox community is pleased to announce the release of +Apache PDFBox version 2.0.15. It is available for download at:</p> + +<p><a href="https://pdfbox.apache.org/download.cgi">https://pdfbox.apache.org/download.cgi</a></p> + +<p>See the <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12344997">full release notes</a> for details about this release.</p> + <h3>Apache PDFBox 2.0.14 released<br /><small>2019-02-28</small></h3> <p>The Apache PDFBox community is pleased to announce the release of Apache PDFBox version 2.0.14. It is available for download at:</p> @@ -258,14 +267,6 @@ Apache PDFBox version 1.8.16 and 2.0.12. They are available for download at:</p> <p>See the full release notes <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12343490">1.8.16</a> and <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12343489">2.0.12</a> for details about this release.</p> -<h3>Apache PBFBox JBIG2 ImageIO plugin 3.0.2 released<br /><small>2018-09-25</small></h3> -<p>The Apache PDFBox community is pleased to announce the release of -Apache PDFBox JBIG2 ImageIO plugin version 3.0.2. It is available for download at:</p> - -<p><a href="https://pdfbox.apache.org/download.cgi">https://pdfbox.apache.org/download.cgi</a></p> - -<p>See the <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12343308">full release notes</a> for details about this release.</p> - </div> </div> diff --git a/content/index.html b/content/news/2019/04/12/CVE-2019-0228.html similarity index 66% copy from content/index.html copy to content/news/2019/04/12/CVE-2019-0228.html index 29550c0..107b87d 100644 --- a/content/index.html +++ b/content/news/2019/04/12/CVE-2019-0228.html @@ -26,7 +26,7 @@ <meta name="description" content="The Apache PDFBox™ library is an open source Java tool for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command-line utilities. Apache PDFBox is published under the Apache License v2.0. "> - <title>Apache PDFBox | A Java PDF Library</title> + <title>Apache PDFBox | CVE-2019-0228 XML External Entity vulnerability</title> <link href="/bootstrap/css/bootstrap.min.css" rel="stylesheet"> <link href="/css/pygments-github.css" rel="stylesheet"> @@ -157,115 +157,13 @@ <a href="https://www.apache.org/foundation/contributing.html"><img width="135" src="/images/SupportApache.jpg"></a> </div> <div class="col-xs-12 col-sm-9"> - <h1 id="apache-pdfbox---a-java-pdf-library">Apache PDFBox<sup>®</sup> - A Java PDF Library</h1> - -<p class="lead">The Apache PDFBox<sup>®</sup> library is an open source Java tool for working with - PDF documents. This project allows creation of new PDF documents, manipulation of existing - documents and the ability to extract content from documents. - - Apache PDFBox also includes several command-line utilities. - Apache PDFBox is published under the Apache License v2.0.</p> - -<h2>Apache PDFBox 2.0.15 released<br /><small>2019-04-11</small></h2> -<p>The Apache PDFBox community is pleased to announce the release of -Apache PDFBox version 2.0.15. It is available for download at:</p> - -<p><a href="https://pdfbox.apache.org/download.cgi">https://pdfbox.apache.org/download.cgi</a></p> - -<p>See the <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12344997">full release notes</a> for details about this release.</p> - -<h2 id="getting-help">Getting Help</h2> - -<p>To get help on using PDFBox, please <a href="mailto:users-subscr...@pdfbox.apache.org">Subscribe to the Users Mailing List</a> and post your -questions there. We’re happy to help.</p> - -<p>The project is a volunteer effort and we’re always looking for interested people to help -us improve PDFBox. There are a multitude of ways that you can help us depending on your -skills. Subscribe to the <a href="/mailinglists.html">Mailing Lists</a> and find out how you can help.</p> - -<h2 id="features">Features</h2> - -<div class="row"> - <div class="col-md-3"> - <header><h4><svg aria-hidden="true" class="open-iconic open-iconic-box" width="8" height="8" viewBox="0 0 8 8" role="img" version="1.1" alt="box image"><path d="M0 0v1h8v-1h-8zm0 2v5.91c0 .05.04.09.09.09h7.81c.05 0 .09-.04.09-.09v-5.91h-2.97v1.03h-2.03v-1.03h-3z" /></svg>Extract Text</h4></header> - <p>Extract Unicode text from PDF files.</p> - </div> - <div class="col-md-3"> - <header><h4><svg aria-hidden="true" class="open-iconic open-iconic-box" width="8" height="8" viewBox="0 0 8 8" role="img" version="1.1" alt="box image"><path d="M0 0v1h8v-1h-8zm0 2v5.91c0 .05.04.09.09.09h7.81c.05 0 .09-.04.09-.09v-5.91h-2.97v1.03h-2.03v-1.03h-3z" /></svg>Split & Merge</h4></header> - <p>Split a single PDF into many files or merge multiple PDF files.</p> - </div> - <div class="col-md-3"> - <header><h4><svg aria-hidden="true" class="open-iconic open-iconic-box" width="8" height="8" viewBox="0 0 8 8" role="img" version="1.1" alt="box image"><path d="M0 0v1h8v-1h-8zm0 2v5.91c0 .05.04.09.09.09h7.81c.05 0 .09-.04.09-.09v-5.91h-2.97v1.03h-2.03v-1.03h-3z" /></svg>Fill Forms</h4></header> - <p>Extract data from PDF forms or fill a PDF form.</p> - </div> - <div class="col-md-3"> - <header><h4><svg aria-hidden="true" class="open-iconic open-iconic-box" width="8" height="8" viewBox="0 0 8 8" role="img" version="1.1" alt="box image"><path d="M0 0v1h8v-1h-8zm0 2v5.91c0 .05.04.09.09.09h7.81c.05 0 .09-.04.09-.09v-5.91h-2.97v1.03h-2.03v-1.03h-3z" /></svg>Preflight</h4></header> - <p>Validate PDF files against the PDF/A-1b standard.</p> - </div> -</div> - -<div class="row"> - <div class="col-md-3"> - <header><h4><svg aria-hidden="true" class="open-iconic open-iconic-box" width="8" height="8" viewBox="0 0 8 8" role="img" version="1.1" alt="box image"><path d="M0 0v1h8v-1h-8zm0 2v5.91c0 .05.04.09.09.09h7.81c.05 0 .09-.04.09-.09v-5.91h-2.97v1.03h-2.03v-1.03h-3z" /></svg>Print</h4></header> - <p>Print a PDF file using the standard Java printing API.</p> - </div> - <div class="col-md-3"> - <header><h4><svg aria-hidden="true" class="open-iconic open-iconic-box" width="8" height="8" viewBox="0 0 8 8" role="img" version="1.1" alt="box image"><path d="M0 0v1h8v-1h-8zm0 2v5.91c0 .05.04.09.09.09h7.81c.05 0 .09-.04.09-.09v-5.91h-2.97v1.03h-2.03v-1.03h-3z" /></svg>Save as Image</h4></header> - <p>Save PDFs as image files, such as PNG or JPEG.</p> - </div> - <div class="col-md-3"> - <header><h4><svg aria-hidden="true" class="open-iconic open-iconic-box" width="8" height="8" viewBox="0 0 8 8" role="img" version="1.1" alt="box image"><path d="M0 0v1h8v-1h-8zm0 2v5.91c0 .05.04.09.09.09h7.81c.05 0 .09-.04.09-.09v-5.91h-2.97v1.03h-2.03v-1.03h-3z" /></svg>Create PDFs</h4></header> - <p>Create a PDF from scratch, with embedded fonts and images.</p> - </div> - <div class="col-md-3"> - <header><h4><svg aria-hidden="true" class="open-iconic open-iconic-box" width="8" height="8" viewBox="0 0 8 8" role="img" version="1.1" alt="box image"><path d="M0 0v1h8v-1h-8zm0 2v5.91c0 .05.04.09.09.09h7.81c.05 0 .09-.04.09-.09v-5.91h-2.97v1.03h-2.03v-1.03h-3z" /></svg>Signing</h4></header> - <p>Digitally sign PDF files.</p> - </div> -</div> - -<h2 id="news">News</h2> - -<h3>Apache PDFBox 2.0.14 released<br /><small>2019-02-28</small></h3> -<p>The Apache PDFBox community is pleased to announce the release of -Apache PDFBox version 2.0.14. It is available for download at:</p> - -<p><a href="https://pdfbox.apache.org/download.cgi">https://pdfbox.apache.org/download.cgi</a></p> - -<p>See the <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12344563">full release notes</a> for details about this release.</p> - -<h3>Apache PDFBox 2.0.13 released<br /><small>2018-12-02</small></h3> -<p>The Apache PDFBox community is pleased to announce the release of -Apache PDFBox version 2.0.13. It is available for download at:</p> - -<p><a href="https://pdfbox.apache.org/download.cgi">https://pdfbox.apache.org/download.cgi</a></p> - -<p>See the <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12344153">full release notes</a> for details about this release.</p> - -<h3>[CVE-2018-11797] DoS vulnerability in Apache PDFBox parser<br /><small>2018-10-05</small></h3> -<p>DoS vulnerability in Apache PDFBox parser we strongly recommend to update to the most recent version of Apache PDFBox.</p> + <p>Due to a XML External Entity vulnerability we strongly recommend to update to the most recent version of Apache PDFBox.</p> <p><strong>Versions Affected:</strong> -Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11. Earlier, unsupported versions may be affected as well.</p> +Apache PDFBox 2.0.14 only</p> <p><strong>Mitigation:</strong> -Upgrade to Apache PDFBox 1.8.16 respectively 2.0.12</p> - -<h3>Apache PDFBox 1.8.16 and 2.0.12 released<br /><small>2018-10-05</small></h3> -<p>The Apache PDFBox community is pleased to announce the release of -Apache PDFBox version 1.8.16 and 2.0.12. They are available for download at:</p> - -<p><a href="https://pdfbox.apache.org/download.cgi">https://pdfbox.apache.org/download.cgi</a></p> - -<p>See the full release notes <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12343490">1.8.16</a> and <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12343489">2.0.12</a> for details about this release.</p> - -<h3>Apache PBFBox JBIG2 ImageIO plugin 3.0.2 released<br /><small>2018-09-25</small></h3> -<p>The Apache PDFBox community is pleased to announce the release of -Apache PDFBox JBIG2 ImageIO plugin version 3.0.2. It is available for download at:</p> - -<p><a href="https://pdfbox.apache.org/download.cgi">https://pdfbox.apache.org/download.cgi</a></p> - -<p>See the <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12343308">full release notes</a> for details about this release.</p> - +Upgrade to Apache PDFBox 2.0.15</p> </div> </div>