Author: fanningpj
Date: Tue Oct 24 21:56:08 2023
New Revision: 1913304
URL: http://svn.apache.org/viewvc?rev=1913304&view=rev
Log:
security docs
Modified:
poi/site/publish/apidocs/index.html
poi/site/publish/changes.html
poi/site/publish/components/index.html
poi/site/publish/security.html
poi/site/publish/skin/images/rc-b-l-15-1body-2menu-3menu.png
poi/site/publish/skin/images/rc-b-r-15-1body-2menu-3menu.png
poi/site/publish/skin/images/rc-b-r-5-1header-2tab-selected-3tab-selected.png
poi/site/publish/skin/images/rc-t-l-5-1header-2searchbox-3searchbox.png
poi/site/publish/skin/images/rc-t-l-5-1header-2tab-selected-3tab-selected.png
poi/site/publish/skin/images/rc-t-l-5-1header-2tab-unselected-3tab-unselected.png
poi/site/publish/skin/images/rc-t-r-15-1body-2menu-3menu.png
poi/site/publish/skin/images/rc-t-r-5-1header-2searchbox-3searchbox.png
poi/site/publish/skin/images/rc-t-r-5-1header-2tab-selected-3tab-selected.png
poi/site/publish/skin/images/rc-t-r-5-1header-2tab-unselected-3tab-unselected.png
Modified: poi/site/publish/apidocs/index.html
URL:
http://svn.apache.org/viewvc/poi/site/publish/apidocs/index.html?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
--- poi/site/publish/apidocs/index.html (original)
+++ poi/site/publish/apidocs/index.html Tue Oct 24 21:56:08 2023
@@ -126,6 +126,9 @@ document.write("Last Published: " + docu
<a href="../encryption.html">Encryption support</a>
</div>
<div class="menuitem">
+<a href="../security.html">Secure processing</a>
+</div>
+<div class="menuitem">
<a href="../casestudies.html">Case Studies</a>
</div>
<div class="menuitem">
Modified: poi/site/publish/changes.html
URL:
http://svn.apache.org/viewvc/poi/site/publish/changes.html?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
--- poi/site/publish/changes.html (original)
+++ poi/site/publish/changes.html Tue Oct 24 21:56:08 2023
@@ -229,7 +229,7 @@ document.write("Last Published: " + docu
<li>Upgrade commons-io dependency to 2.14.0</li>
-<li>Upgrade log4j-api dependency to 2.21.0</li>
+<li>Upgrade log4j-api dependency to 2.21.1</li>
<li>Upgrade xmlsec dependency to 3.0.3</li>
@@ -276,7 +276,7 @@ document.write("Last Published: " + docu
5.2.4 (2023-09-28)
</h2>
<div class="section">
-<a name="Summary"></a>
+<a name="Summary-N10090"></a>
<h3 class="boxed">Summary</h3>
<ul>
@@ -303,7 +303,7 @@ document.write("Last Published: " + docu
<li>Use jdk18on versions of bouncycastle jars (v1.76)</li>
</ul>
-<a name="Changes"></a>
+<a name="Changes-N100B8"></a>
<h3 class="boxed">Changes</h3>
<table class="POITable">
<colgroup>
@@ -449,7 +449,7 @@ document.write("Last Published: " + docu
5.2.3 (2022-09-16)
</h2>
<div class="section">
-<a name="Summary-N10238"></a>
+<a name="Summary-N102B9"></a>
<h3 class="boxed">Summary</h3>
<ul>
@@ -468,7 +468,7 @@ document.write("Last Published: " + docu
<li>Avoid some more possible overly large memory allocations on certain input
documents</li>
</ul>
-<a name="Changes-N10254"></a>
+<a name="Changes-N102D5"></a>
<h3 class="boxed">Changes</h3>
<table class="POITable">
<colgroup>
@@ -670,14 +670,14 @@ document.write("Last Published: " + docu
5.2.2 (2022-03-19)
</h2>
<div class="section">
-<a name="Summary-N10535"></a>
+<a name="Summary-N105B6"></a>
<h3 class="boxed">Summary</h3>
<ul>
<li>Upgrade log4j-api dependency to 2.17.2 and graphics2d dependency to 0.35
as well as some test dependencies</li>
</ul>
-<a name="Changes-N1053F"></a>
+<a name="Changes-N105C0"></a>
<h3 class="boxed">Changes</h3>
<table class="POITable">
<colgroup>
@@ -731,14 +731,14 @@ document.write("Last Published: " + docu
5.2.1 (2022-03-03)
</h2>
<div class="section">
-<a name="Summary-N105D0"></a>
+<a name="Summary-N10651"></a>
<h3 class="boxed">Summary</h3>
<ul>
<li>Upgrade curvesapi dependency to 1.07</li>
</ul>
-<a name="Changes-N105DA"></a>
+<a name="Changes-N1065B"></a>
<h3 class="boxed">Changes</h3>
<table class="POITable">
<colgroup>
@@ -812,7 +812,7 @@ document.write("Last Published: " + docu
5.2.0 (2022-01-14)
</h2>
<div class="section">
-<a name="Summary-N106BB"></a>
+<a name="Summary-N1073C"></a>
<h3 class="boxed">Summary</h3>
<ul>
@@ -825,7 +825,7 @@ document.write("Last Published: " + docu
<li>Upgrade PDFBox Graphics2d dependency to 0.34 and PDFBox dependency to
2.0.25</li>
</ul>
-<a name="Changes-N106CE"></a>
+<a name="Changes-N1074F"></a>
<h3 class="boxed">Changes</h3>
<table class="POITable">
<colgroup>
@@ -919,7 +919,7 @@ document.write("Last Published: " + docu
5.1.0 (2021-11-01)
</h2>
<div class="section">
-<a name="Summary-N107FF"></a>
+<a name="Summary-N10880"></a>
<h3 class="boxed">Summary</h3>
<ul>
@@ -946,7 +946,7 @@ document.write("Last Published: " + docu
<li>By default, no DTDs will be accepted in XML files. This can be relaxed by
setting
POIXMLTypeLoader.DEFAULT_XML_OPTIONS.setDisallowDocTypeDeclaration(false).</li>
</ul>
-<a name="Changes-N10827"></a>
+<a name="Changes-N108A8"></a>
<h3 class="boxed">Changes</h3>
<table class="POITable">
<colgroup>
@@ -1148,7 +1148,7 @@ document.write("Last Published: " + docu
5.0.0 (2021-01-20)
</h2>
<div class="section">
-<a name="Summary-N10B08"></a>
+<a name="Summary-N10B89"></a>
<h3 class="boxed">Summary</h3>
<ul>
@@ -1175,7 +1175,7 @@ document.write("Last Published: " + docu
<li>new experimental DeferredSXSSFWorkbook which creates fewer temp files by
lazily generating rows (see DeferredGeneration in poi-examples)</li>
</ul>
-<a name="Changes-N10B2D"></a>
+<a name="Changes-N10BAE"></a>
<h3 class="boxed">Changes</h3>
<table class="POITable">
<colgroup>
@@ -1485,7 +1485,7 @@ document.write("Last Published: " + docu
4.1.2 (2020-02-17)
</h2>
<div class="section">
-<a name="Summary-N10FB5"></a>
+<a name="Summary-N11036"></a>
<h3 class="boxed">Summary</h3>
<ul>
@@ -1500,7 +1500,7 @@ document.write("Last Published: " + docu
<li>updated dependencies to Bouncycastle 1.64</li>
</ul>
-<a name="Changes-N10FCB"></a>
+<a name="Changes-N1104C"></a>
<h3 class="boxed">Changes</h3>
<table class="POITable">
<colgroup>
@@ -1634,7 +1634,7 @@ document.write("Last Published: " + docu
4.1.1 (2019-10-20)
</h2>
<div class="section">
-<a name="Summary-N11196"></a>
+<a name="Summary-N11217"></a>
<h3 class="boxed">Summary</h3>
<ul>
@@ -1653,7 +1653,7 @@ document.write("Last Published: " + docu
<li>CVE-2019-12415 - XML External Entity (XXE) Processing in Apache POI</li>
</ul>
-<a name="Changes-N111B2"></a>
+<a name="Changes-N11233"></a>
<h3 class="boxed">Changes</h3>
<table class="POITable">
<colgroup>
@@ -1803,7 +1803,7 @@ document.write("Last Published: " + docu
4.1.0 (2019-04-09)
</h2>
<div class="section">
-<a name="Summary-N113BA"></a>
+<a name="Summary-N1143B"></a>
<h3 class="boxed">Summary</h3>
<ul>
@@ -1828,7 +1828,7 @@ document.write("Last Published: " + docu
<li>Upgrade to XMLSec 2.1.2</li>
</ul>
-<a name="Changes-N113DF"></a>
+<a name="Changes-N11460"></a>
<h3 class="boxed">Changes</h3>
<table class="POITable">
<colgroup>
@@ -2002,7 +2002,7 @@ document.write("Last Published: " + docu
4.0.1 (2018-12-03)
</h2>
<div class="section">
-<a name="Summary-N11650"></a>
+<a name="Summary-N116D1"></a>
<h3 class="boxed">Summary</h3>
<ul>
@@ -2013,7 +2013,7 @@ document.write("Last Published: " + docu
<li>Upgrade to XMLBeans 3.0.2</li>
</ul>
-<a name="Changes-N11660"></a>
+<a name="Changes-N116E1"></a>
<h3 class="boxed">Changes</h3>
<table class="POITable">
<colgroup>
@@ -2171,7 +2171,7 @@ document.write("Last Published: " + docu
4.0.0 (2018-09-07)
</h2>
<div class="section">
-<a name="Summary-N11891"></a>
+<a name="Summary-N11912"></a>
<h3 class="boxed">Summary</h3>
<ul>
@@ -2180,7 +2180,7 @@ document.write("Last Published: " + docu
<li>New OOXML schema (1.4) necessary, because of incompatible XMLBeans loading
not anymore through POIXMLTypeLoader</li>
</ul>
-<a name="Changes-N1189E"></a>
+<a name="Changes-N1191F"></a>
<h3 class="boxed">Changes</h3>
<table class="POITable">
<colgroup>
Modified: poi/site/publish/components/index.html
URL:
http://svn.apache.org/viewvc/poi/site/publish/components/index.html?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
--- poi/site/publish/components/index.html (original)
+++ poi/site/publish/components/index.html Tue Oct 24 21:56:08 2023
@@ -614,7 +614,7 @@ document.write("Last Published: " + docu
<tr>
<td colspan="1" rowspan="1">poi</td>
- <td colspan="1" rowspan="1"><a
href="https://search.maven.org/#artifactdetails|org.apache.logging.log4j|log4j-api|2.21.0|jar">log4j
2.x</a>,
+ <td colspan="1" rowspan="1"><a
href="https://search.maven.org/#artifactdetails|org.apache.logging.log4j|log4j-api|2.21.1|jar">log4j
2.x</a>,
<a
href="https://search.maven.org/#artifactdetails|commons-codec|commons-codec|1.16.0|jar">commons-codec</a>,
<a
href="https://search.maven.org/#artifactdetails|org.apache.commons|commons-collections4|4.4|jar">commons-collections</a>,
<a
href="https://search.maven.org/#artifactdetails|org.apache.commons|commons-math3|3.6.1|jar">commons-math3</a>
Modified: poi/site/publish/security.html
URL:
http://svn.apache.org/viewvc/poi/site/publish/security.html?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
--- poi/site/publish/security.html (original)
+++ poi/site/publish/security.html Tue Oct 24 21:56:08 2023
@@ -236,6 +236,16 @@ document.write("Last Published: " + docu
</li>
<li>
+<strong>Memory use can be very high</strong>
+<br>
+ The data in Microsoft format files is usually compressed so
even small files can have a lot of data.
+ <br>
+ The core POI APIs are not optimized to avoid excessive memory
use. POI has streaming APIs for reading
+ and writing xlsx files - so if you are working with large xlsx
files, you should consider using the
+ streaming APIs.
+ </li>
+
+<li>
<strong>Consider sandboxing document-parsing</strong>
<br>
If you operate in a highly sensitive enviornment and would
like to avoid any side effect from
Modified: poi/site/publish/skin/images/rc-b-l-15-1body-2menu-3menu.png
URL:
http://svn.apache.org/viewvc/poi/site/publish/skin/images/rc-b-l-15-1body-2menu-3menu.png?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
Binary files - no diff available.
Modified: poi/site/publish/skin/images/rc-b-r-15-1body-2menu-3menu.png
URL:
http://svn.apache.org/viewvc/poi/site/publish/skin/images/rc-b-r-15-1body-2menu-3menu.png?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
Binary files - no diff available.
Modified:
poi/site/publish/skin/images/rc-b-r-5-1header-2tab-selected-3tab-selected.png
URL:
http://svn.apache.org/viewvc/poi/site/publish/skin/images/rc-b-r-5-1header-2tab-selected-3tab-selected.png?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
Binary files - no diff available.
Modified:
poi/site/publish/skin/images/rc-t-l-5-1header-2searchbox-3searchbox.png
URL:
http://svn.apache.org/viewvc/poi/site/publish/skin/images/rc-t-l-5-1header-2searchbox-3searchbox.png?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
Binary files - no diff available.
Modified:
poi/site/publish/skin/images/rc-t-l-5-1header-2tab-selected-3tab-selected.png
URL:
http://svn.apache.org/viewvc/poi/site/publish/skin/images/rc-t-l-5-1header-2tab-selected-3tab-selected.png?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
Binary files - no diff available.
Modified:
poi/site/publish/skin/images/rc-t-l-5-1header-2tab-unselected-3tab-unselected.png
URL:
http://svn.apache.org/viewvc/poi/site/publish/skin/images/rc-t-l-5-1header-2tab-unselected-3tab-unselected.png?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
Binary files - no diff available.
Modified: poi/site/publish/skin/images/rc-t-r-15-1body-2menu-3menu.png
URL:
http://svn.apache.org/viewvc/poi/site/publish/skin/images/rc-t-r-15-1body-2menu-3menu.png?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
Binary files - no diff available.
Modified:
poi/site/publish/skin/images/rc-t-r-5-1header-2searchbox-3searchbox.png
URL:
http://svn.apache.org/viewvc/poi/site/publish/skin/images/rc-t-r-5-1header-2searchbox-3searchbox.png?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
Binary files - no diff available.
Modified:
poi/site/publish/skin/images/rc-t-r-5-1header-2tab-selected-3tab-selected.png
URL:
http://svn.apache.org/viewvc/poi/site/publish/skin/images/rc-t-r-5-1header-2tab-selected-3tab-selected.png?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
Binary files - no diff available.
Modified:
poi/site/publish/skin/images/rc-t-r-5-1header-2tab-unselected-3tab-unselected.png
URL:
http://svn.apache.org/viewvc/poi/site/publish/skin/images/rc-t-r-5-1header-2tab-unselected-3tab-unselected.png?rev=1913304&r1=1913303&r2=1913304&view=diff
==============================================================================
Binary files - no diff available.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
