Author: centic
Date: Sat Apr 22 04:33:31 2023
New Revision: 1909344
URL: http://svn.apache.org/viewvc?rev=1909344&view=rev
Log:
Update versions of some third-party libraries to match what Apache POI
currently uses
Modified:
poi/site/publish/changes.html
poi/site/publish/components/index.html
poi/site/publish/encryption.html
poi/site/publish/index.html
poi/site/src/documentation/content/xdocs/components/index.xml
poi/site/src/documentation/content/xdocs/encryption.xml
poi/site/src/documentation/content/xdocs/index.xml
Modified: poi/site/publish/changes.html
URL:
http://svn.apache.org/viewvc/poi/site/publish/changes.html?rev=1909344&r1=1909343&r2=1909344&view=diff
==============================================================================
--- poi/site/publish/changes.html (original)
+++ poi/site/publish/changes.html Sat Apr 22 04:33:31 2023
@@ -227,15 +227,15 @@ document.write("Last Published: " + docu
<li>Upgrade log4j-api dependency to 2.20.0</li>
-<li>Upgrade xmlsec dependency to 3.0.1</li>
+<li>Upgrade xmlsec dependency to 3.0.2</li>
<li>Upgrade batik dependency to 1.16</li>
-<li>Upgrade pdfbox dependency to 2.0.27, graphics2d to 0.42</li>
+<li>Upgrade pdfbox dependency to 2.0.28, graphics2d to 0.42</li>
-<li>Upgrade commons-compress dependency to 1.22</li>
+<li>Upgrade commons-compress dependency to 1.23.0</li>
-<li>Use jdk18on versions of bouncycastle jars (v1.72)</li>
+<li>Use jdk18on versions of bouncycastle jars (v1.73)</li>
</ul>
<a name="Changes"></a>
Modified: poi/site/publish/components/index.html
URL:
http://svn.apache.org/viewvc/poi/site/publish/components/index.html?rev=1909344&r1=1909343&r2=1909344&view=diff
==============================================================================
--- poi/site/publish/components/index.html (original)
+++ poi/site/publish/components/index.html Sat Apr 22 04:33:31 2023
@@ -614,7 +614,7 @@ document.write("Last Published: " + docu
<tr>
<td colspan="1" rowspan="1">poi</td>
- <td colspan="1" rowspan="1"><a
href="https://search.maven.org/#artifactdetails|org.apache.logging.log4j|log4j-api|2.17.1|jar">log4j
2.x</a>,
+ <td colspan="1" rowspan="1"><a
href="https://search.maven.org/#artifactdetails|org.apache.logging.log4j|log4j-api|2.20.0|jar">log4j
2.x</a>,
<a
href="https://search.maven.org/#artifactdetails|commons-codec|commons-codec|1.15|jar">commons-codec</a>,
<a
href="https://search.maven.org/#artifactdetails|org.apache.commons|commons-collections4|4.4|jar">commons-collections</a>,
<a
href="https://search.maven.org/#artifactdetails|org.apache.commons|commons-math3|3.6.1|jar">commons-math3</a>
@@ -637,7 +637,7 @@ document.write("Last Published: " + docu
<td colspan="1" rowspan="1">poi-ooxml</td>
<td colspan="1" rowspan="1"><a
href="https://search.maven.org/#search|gav|1|g:org.apache.poi AND
a:poi">poi</a>,
<a href="https://search.maven.org/#search|gav|1|g:org.apache.poi
AND a:poi-ooxml-lite">poi-ooxml-lite</a>,
- <a
href="https://search.maven.org/#artifactdetails|org.apache.commons|commons-compress|1.21|jar">commons-compress</a>,
+ <a
href="https://search.maven.org/#artifactdetails|org.apache.commons|commons-compress|1.23.0|jar">commons-compress</a>,
<a
href="https://search.maven.org/#artifactdetails|com.zaxxer|SparseBitSet|1.2|jar">SparseBitSet</a>
<br>
For SVG support:
@@ -657,7 +657,7 @@ document.write("Last Published: " + docu
<tr>
<td colspan="1" rowspan="1">poi-ooxml-lite</td>
- <td colspan="1" rowspan="1"><a
href="https://search.maven.org/#artifactdetails|org.apache.xmlbeans|xmlbeans|5.0.1|jar">xmlbeans</a></td>
+ <td colspan="1" rowspan="1"><a
href="https://search.maven.org/#artifactdetails|org.apache.xmlbeans|xmlbeans|5.1.1|jar">xmlbeans</a></td>
<td colspan="1" rowspan="1">poi-ooxml-lite-version-yyyymmdd.jar</td>
</tr>
@@ -676,13 +676,13 @@ document.write("Last Published: " + docu
<tr>
<td colspan="1" rowspan="1">poi-ooxml-full (known as ooxml-schemas)</td>
- <td colspan="1" rowspan="1"><a
href="https://search.maven.org/#artifactdetails|org.apache.xmlbeans|xmlbeans|5.0.3|jar">xmlbeans</a>
+ <td colspan="1" rowspan="1"><a
href="https://search.maven.org/#artifactdetails|org.apache.xmlbeans|xmlbeans|5.1.1|jar">xmlbeans</a>
<br>
For signing:
- <a
href="https://search.maven.org/#artifactdetails|org.bouncycastle|bcpkix-jdk15on|1.70|jar">bcpkix-jdk15on</a>,
- <a
href="https://search.maven.org/#artifactdetails|org.bouncycastle|bcprov-jdk15on|1.70|jar">bcprov-jdk15on</a>,
- <a
href="https://search.maven.org/#artifactdetails|org.apache.santuario|xmlsec|2.3.0|bundle">xmlsec</a>,
- <a
href="https://search.maven.org/#artifactdetails|org.slf4j|slf4j-api|1.7.36|jar">slf4j-api</a>
+ <a
href="https://search.maven.org/#artifactdetails|org.bouncycastle|bcpkix-jdk18on|1.73|jar">bcpkix-jdk18on</a>,
+ <a
href="https://search.maven.org/#artifactdetails|org.bouncycastle|bcutil-jdk18on|1.73|jar">bcprov-jdk18on</a>,
+ <a
href="https://search.maven.org/#artifactdetails|org.apache.santuario|xmlsec|3.0.2|bundle">xmlsec</a>,
+ <a
href="https://search.maven.org/#artifactdetails|org.slf4j|slf4j-api|2.0.7|jar">slf4j-api</a>
</td>
<td colspan="1" rowspan="1">poi-ooxml-full-version-yyyymmdd.jar</td>
Modified: poi/site/publish/encryption.html
URL:
http://svn.apache.org/viewvc/poi/site/publish/encryption.html?rev=1909344&r1=1909343&r2=1909344&view=diff
==============================================================================
--- poi/site/publish/encryption.html (original)
+++ poi/site/publish/encryption.html Sat Apr 22 04:33:31 2023
@@ -565,9 +565,9 @@ document.write("Last Published: " + docu
<a href="components/">default dependencies</a>:</p>
<ul>
-<li>BouncyCastle bcpkix, bcprov and bcutil (tested against 1.70)</li>
+<li>BouncyCastle bcpkix, bcprov and bcutil (tested against 1.73)</li>
-<li>Apache Santuario "xmlsec" (tested against 2.3.0)</li>
+<li>Apache Santuario "xmlsec" (tested against 3.0.2)</li>
<li>and slf4j-api (tested against 1.7.x)</li>
Modified: poi/site/publish/index.html
URL:
http://svn.apache.org/viewvc/poi/site/publish/index.html?rev=1909344&r1=1909343&r2=1909344&view=diff
==============================================================================
--- poi/site/publish/index.html (original)
+++ poi/site/publish/index.html Sat Apr 22 04:33:31 2023
@@ -209,7 +209,7 @@ document.write("Last Published: " + docu
The security vulnerabilities are not in log4j-api - they are in
log4j-core.</p>
<p>If any POI or XMLBeans user uses log4j-core to control their logging of
their application,
we strongly recommend that they upgrade all their log4j
dependencies to the latest
- version (currently v2.17.1) - including log4j-api.</p>
+ version (currently v2.20.0) - including log4j-api.</p>
<a
name="13+January+2021+-+CVE-2021-23926+-+XML+External+Entity+%28XXE%29+Processing+in+Apache+XMLBeans+versions+prior+to+3.0.0"></a>
<h3 class="boxed">13 January 2021 - CVE-2021-23926 - XML External Entity (XXE)
Processing in Apache XMLBeans versions prior to 3.0.0</h3>
<p>Description:<br>
Modified: poi/site/src/documentation/content/xdocs/components/index.xml
URL:
http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/components/index.xml?rev=1909344&r1=1909343&r2=1909344&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/components/index.xml (original)
+++ poi/site/src/documentation/content/xdocs/components/index.xml Sat Apr 22
04:33:31 2023
@@ -291,7 +291,7 @@
</tr>
<tr>
<td>poi</td>
- <td><a
href="https://search.maven.org/#artifactdetails|org.apache.logging.log4j|log4j-api|2.17.1|jar">log4j
2.x</a>,
+ <td><a
href="https://search.maven.org/#artifactdetails|org.apache.logging.log4j|log4j-api|2.20.0|jar">log4j
2.x</a>,
<a
href="https://search.maven.org/#artifactdetails|commons-codec|commons-codec|1.15|jar">commons-codec</a>,
<a
href="https://search.maven.org/#artifactdetails|org.apache.commons|commons-collections4|4.4|jar">commons-collections</a>,
<a
href="https://search.maven.org/#artifactdetails|org.apache.commons|commons-math3|3.6.1|jar">commons-math3</a>
@@ -308,7 +308,7 @@
<td>poi-ooxml</td>
<td><a href="https://search.maven.org/#search|gav|1|g:org.apache.poi
AND a:poi">poi</a>,
<a href="https://search.maven.org/#search|gav|1|g:org.apache.poi
AND a:poi-ooxml-lite">poi-ooxml-lite</a>,
- <a
href="https://search.maven.org/#artifactdetails|org.apache.commons|commons-compress|1.21|jar">commons-compress</a>,
+ <a
href="https://search.maven.org/#artifactdetails|org.apache.commons|commons-compress|1.23.0|jar">commons-compress</a>,
<a
href="https://search.maven.org/#artifactdetails|com.zaxxer|SparseBitSet|1.2|jar">SparseBitSet</a><br/>
For SVG support:
<a
href="https://search.maven.org/#search|gav|1|g:org.apache.xmlgraphics AND
a:batik-all">batik-all</a>,
@@ -323,7 +323,7 @@
</tr>
<tr>
<td>poi-ooxml-lite</td>
- <td><a
href="https://search.maven.org/#artifactdetails|org.apache.xmlbeans|xmlbeans|5.0.1|jar">xmlbeans</a></td>
+ <td><a
href="https://search.maven.org/#artifactdetails|org.apache.xmlbeans|xmlbeans|5.1.1|jar">xmlbeans</a></td>
<td>poi-ooxml-lite-version-yyyymmdd.jar</td>
</tr>
<tr>
@@ -336,12 +336,12 @@
</tr>
<tr>
<td>poi-ooxml-full (known as ooxml-schemas)</td>
- <td><a
href="https://search.maven.org/#artifactdetails|org.apache.xmlbeans|xmlbeans|5.0.3|jar">xmlbeans</a><br/>
+ <td><a
href="https://search.maven.org/#artifactdetails|org.apache.xmlbeans|xmlbeans|5.1.1|jar">xmlbeans</a><br/>
For signing:
- <a
href="https://search.maven.org/#artifactdetails|org.bouncycastle|bcpkix-jdk15on|1.70|jar">bcpkix-jdk15on</a>,
- <a
href="https://search.maven.org/#artifactdetails|org.bouncycastle|bcprov-jdk15on|1.70|jar">bcprov-jdk15on</a>,
- <a
href="https://search.maven.org/#artifactdetails|org.apache.santuario|xmlsec|2.3.0|bundle">xmlsec</a>,
- <a
href="https://search.maven.org/#artifactdetails|org.slf4j|slf4j-api|1.7.36|jar">slf4j-api</a>
+ <a
href="https://search.maven.org/#artifactdetails|org.bouncycastle|bcpkix-jdk18on|1.73|jar">bcpkix-jdk18on</a>,
+ <a
href="https://search.maven.org/#artifactdetails|org.bouncycastle|bcutil-jdk18on|1.73|jar">bcprov-jdk18on</a>,
+ <a
href="https://search.maven.org/#artifactdetails|org.apache.santuario|xmlsec|3.0.2|bundle">xmlsec</a>,
+ <a
href="https://search.maven.org/#artifactdetails|org.slf4j|slf4j-api|2.0.7|jar">slf4j-api</a>
</td>
<td>poi-ooxml-full-version-yyyymmdd.jar</td>
</tr>
Modified: poi/site/src/documentation/content/xdocs/encryption.xml
URL:
http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/encryption.xml?rev=1909344&r1=1909343&r2=1909344&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/encryption.xml (original)
+++ poi/site/src/documentation/content/xdocs/encryption.xml Sat Apr 22 04:33:31
2023
@@ -249,8 +249,8 @@
<p>The classes have been tested against the following libraries, which
need to be included additionally to the
<a href="site:components">default dependencies</a>:</p>
<ul>
- <li>BouncyCastle bcpkix, bcprov and bcutil (tested against
1.70)</li>
- <li>Apache Santuario "xmlsec" (tested against 2.3.0)</li>
+ <li>BouncyCastle bcpkix, bcprov and bcutil (tested against
1.73)</li>
+ <li>Apache Santuario "xmlsec" (tested against 3.0.2)</li>
<li>and slf4j-api (tested against 1.7.x)</li>
</ul>
<p>Depending on the <a
href="apidocs/dev/org/apache/poi/poifs/crypt/dsig/SignatureConfig.html">configuration</a>
Modified: poi/site/src/documentation/content/xdocs/index.xml
URL:
http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/index.xml?rev=1909344&r1=1909343&r2=1909344&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/index.xml (original)
+++ poi/site/src/documentation/content/xdocs/index.xml Sat Apr 22 04:33:31 2023
@@ -58,7 +58,7 @@
The security vulnerabilities are not in log4j-api - they are in
log4j-core.</p>
<p>If any POI or XMLBeans user uses log4j-core to control their
logging of their application,
we strongly recommend that they upgrade all their log4j
dependencies to the latest
- version (currently v2.17.1) - including log4j-api.</p>
+ version (currently v2.20.0) - including log4j-api.</p>
</section>
<section><title>13 January 2021 - CVE-2021-23926 - XML External Entity
(XXE) Processing in Apache XMLBeans versions prior to 3.0.0</title>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
